Vulnerability Details CVE-2017-15887
An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
Products affected by CVE-2017-15887
- cpe:2.3:a:synology:carddav_server:5.2.0-0019
- cpe:2.3:a:synology:carddav_server:5.2.0-0021
- cpe:2.3:a:synology:carddav_server:5.2.0-0026
- cpe:2.3:a:synology:carddav_server:5.2.0-0027
- cpe:2.3:a:synology:carddav_server:5.2.0-0028
- cpe:2.3:a:synology:carddav_server:6.0.0-0074
- cpe:2.3:a:synology:carddav_server:6.0.2-0077
- cpe:2.3:a:synology:carddav_server:6.0.3-0078
- cpe:2.3:a:synology:carddav_server:6.0.4-0080
- cpe:2.3:a:synology:carddav_server:6.0.5-0081
- cpe:2.3:a:synology:carddav_server:6.0.6-0083