7.7

CVE-2024-29228

Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.

Data is provided by the National Vulnerability Database (NVD)
SynologySurveillance Station Version < 9.2.0-9289
   SynologyDiskstation Manager Version6.2
SynologySurveillance Station Version < 9.2.0-11289
   SynologyDiskstation Manager Version7.1
   SynologyDiskstation Manager Version7.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.19% 0.414
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.7 3.1 4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
security@synology.com 7.7 3.1 4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.