CVE-2022-49037

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Sep 26, 2024
CWE ID 532

Summary

CVE-2022-49037 affects Synology Drive Client versions prior to 3.3.0-15082. Improper handling of proxy settings allows remote authenticated users to access sensitive information through log files. The issue is rated medium severity, with a CVSS base score of 6.5 that reflects a high impact on confidentiality and low privileges required for exploitation. To remediate it, organizations should update Synology Drive Client to version 3.3.0-15082 or later, as outlined in the security advisory from Synology. The risk is unauthorized access to sensitive data, which could lead to further security breaches within an organization. The vulnerability highlights the importance of proper log management and regular software updates in mitigating information exposure through log files.
