CVE-2023-52948

CVSS 3.1 Score 5.0 of 10 (medium)

Details

Published Sep 26, 2024
CWE ID 311

Summary

CVE-2023-52948 identifies a vulnerability in Synology Active Backup for Business Agent versions prior to 2.7.0-3221, which lacks proper encryption of sensitive data within its settings functionality. This flaw allows local users to potentially access user credentials through unspecified methods, presenting a high confidentiality impact and categorizing it with a medium severity rating (CVSS score of 5.0). To remediate this issue, organizations are advised to update the affected software to version 2.7.0-3221 or later. The vulnerability requires low privileges and user interaction, making it exploitable in local environments but not remotely. Failure to address this vulnerability could lead to unauthorized access and compromise sensitive information within an organization.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share