Vulnerability Details CVE-2018-13294
Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.7%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
Products affected by CVE-2018-13294
-
cpe:2.3:a:synology:application_service:1.0.0-0022
-
cpe:2.3:a:synology:application_service:1.1.0-0030
-
cpe:2.3:a:synology:application_service:1.1.1-0032
-
cpe:2.3:a:synology:application_service:1.3.0-0048
-
cpe:2.3:a:synology:application_service:1.3.0-0049
-
cpe:2.3:a:synology:application_service:1.3.2-0054
-
cpe:2.3:a:synology:application_service:1.3.3-0062
-
cpe:2.3:a:synology:application_service:1.4.0-0123
-
cpe:2.3:a:synology:application_service:1.4.1-0163
-
cpe:2.3:a:synology:application_service:1.4.2-0208
-
cpe:2.3:a:synology:application_service:1.5.0-0309
-
cpe:2.3:a:synology:application_service:1.5.1-0312
-
cpe:2.3:a:synology:application_service:1.5.2-0316
-
cpe:2.3:a:synology:application_service:1.5.3-0319