CVE-2023-52947 MEDIUM

CVE-2023-52947

Vendor Synology
Product Synology Active Backup for Business Agent
Weakness CWE-306 · Missing auth
Published September 26, 2024
Last update September 26, 2024

CVSS base score

4.0/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logout.

Key dates

02Disclosure timeline

September 26, 2024 CVE published
September 26, 2024 Record updated