CVE-2024-29231

EPSS 0.37%
Veröffentlicht 28.03.2024 07:16:04
Zuletzt bearbeitet 04.08.2025 19:09:15
Quelle security@synology.com
Teams Watchlist Login
Unerledigt Login

Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Synology ≫ Surveillance Station Version < 9.2.0-9289

Synology ≫ Diskstation Manager Version6.2

Synology ≫ Surveillance Station Version < 9.2.0-11289

Synology ≫ Diskstation Manager Version7.1
Synology ≫ Diskstation Manager Version7.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.581

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
security@synology.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://www.synology.com/en-global/security/advisory/Synology_SA_24_04

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-29231

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-29231

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-29231

EUVD