ID
VAR-201806-1561
CVE
CVE-2018-8922
TITLE
Synology Drive Access control vulnerability
Trust: 0.8
sources:
JVNDB: JVNDB-2018-005465
DESCRIPTION
Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors. Synology Drive Contains an access control vulnerability.Information may be obtained. Synology Drive is a collaborative office suite from Synology, which includes the functions of document management, collaborative office and file synchronization backup
Trust: 1.71
sources:
NVD: CVE-2018-8922 //
JVNDB: JVNDB-2018-005465 //
VULHUB: VHN-138954
AFFECTED PRODUCTS
| vendor: | synology | model: | drive server | scope: | eq | version: | 1.0.2-10275 | Trust: 1.0 |
| vendor: | synology | model: | drive | scope: | lt | version: | 1.0.2-10275 | Trust: 0.8 |
| vendor: | synology | model: | drive | scope: | eq | version: | 1.0.2-10275 | Trust: 0.6 |
sources:
JVNDB: JVNDB-2018-005465 //
CNNVD: CNNVD-201806-152 //
NVD: CVE-2018-8922
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
VULHUB: VHN-138954 //
JVNDB: JVNDB-2018-005465 //
CNNVD: CNNVD-201806-152 //
NVD: CVE-2018-8922 //
NVD: CVE-2018-8922
PROBLEMTYPE DATA
| problemtype: | CWE-284 | Trust: 1.9 |
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
sources:
VULHUB: VHN-138954 //
JVNDB: JVNDB-2018-005465 //
NVD: CVE-2018-8922
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201806-152
TYPE
access control error
Trust: 0.6
sources:
CNNVD: CNNVD-201806-152
CONFIGURATIONS
sources:
JVNDB: JVNDB-2018-005465
PATCH
| title: | Synology-SA-18:11 | url: | https://www.synology.com/en-global/support/security/Synology_SA_18_11 | Trust: 0.8 |
| title: | Synology Drive Fixes for access control error vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80508 | Trust: 0.6 |
sources:
JVNDB: JVNDB-2018-005465 //
CNNVD: CNNVD-201806-152
EXTERNAL IDS
| db: | NVD | id: | CVE-2018-8922 | Trust: 2.5 |
| db: | JVNDB | id: | JVNDB-2018-005465 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201806-152 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-138954 | Trust: 0.1 |
sources:
VULHUB: VHN-138954 //
JVNDB: JVNDB-2018-005465 //
CNNVD: CNNVD-201806-152 //
NVD: CVE-2018-8922
REFERENCES
| url: | https://www.synology.com/en-global/support/security/synology_sa_18_11 | Trust: 1.7 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8922 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-8922 | Trust: 0.8 |
sources:
VULHUB: VHN-138954 //
JVNDB: JVNDB-2018-005465 //
CNNVD: CNNVD-201806-152 //
NVD: CVE-2018-8922
SOURCES
| db: | VULHUB | id: | VHN-138954 |
| db: | JVNDB | id: | JVNDB-2018-005465 |
| db: | CNNVD | id: | CNNVD-201806-152 |
| db: | NVD | id: | CVE-2018-8922 |
LAST UPDATE DATE
2024-11-23T22:41:48.996000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-138954 | date: | 2019-10-09T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-005465 | date: | 2018-07-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-201806-152 | date: | 2019-10-17T00:00:00 |
| db: | NVD | id: | CVE-2018-8922 | date: | 2024-11-21T04:14:36.583 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-138954 | date: | 2018-06-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-005465 | date: | 2018-07-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-201806-152 | date: | 2018-06-04T00:00:00 |
| db: | NVD | id: | CVE-2018-8922 | date: | 2018-06-01T13:29:00.313 |