CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-13297

Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.8%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

https://www.synology.com/security/advisory/Synology_SA_18_50
https://www.synology.com/security/advisory/Synology_SA_18_50

Products affected by CVE-2018-13297

Synology » Drive Server » Version: 1.0.0-10240

cpe:2.3:a:synology:drive_server:1.0.0-10240
Synology » Drive Server » Version: 1.0.1-10253

cpe:2.3:a:synology:drive_server:1.0.1-10253
Synology » Drive Server » Version: 1.0.2-10275

cpe:2.3:a:synology:drive_server:1.0.2-10275
Synology » Drive Server » Version: 1.0.3-10281

cpe:2.3:a:synology:drive_server:1.0.3-10281
Synology » Drive Server » Version: 1.1.0-10544

cpe:2.3:a:synology:drive_server:1.1.0-10544
Synology » Drive Server » Version: 1.1.1-10551

cpe:2.3:a:synology:drive_server:1.1.1-10551

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-13297

Products

Pricing

Contact Us