CVE-2018-8919 — Sensitive Information Exposure in Synology Diskstation Manager

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

9.8CRITICALNVD

CNA8.3

EPSS

0.3%

top 50.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Synology Diskstation Manager

Timeline

PublishedDec 24

Latest updateMay 13

Description

Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5synology/diskstation_managerunspecified — 6.1.6-15266

▶NVDsynology/diskstation_manager< 6.1.6-15266

🔴Vulnerability Details

GHSA

GHSA-8937-22rp-f6j9: Information exposure vulnerability in SYNO↗2022-05-13

▶

CVEList

CVE-2018-8919: Information exposure vulnerability in SYNO↗2018-12-24

▶