Publish Time: 2022-12-19 17:45:31 UTC+8
Last Updated: 2023-05-22 15:34:54 UTC+8
Abstract
Multiple vulnerabilities allow remote attackers or remote authenticated users to bypass security constraint via a susceptible version of Synology Directory Server.
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
Synology Directory Server for DSM 7.2 | Important | Upgrade to 4.15.13-0615 or above. |
Synology Directory Server for DSM 7.1 | Important | Will not fix |
Synology Directory Server for DSM 7.0 | Important | Will not fix |
Synology Directory Server for DSM 6.2 | Important | Will not fix |
Mitigation
None
Detail
CVE-2022-37966
CVE-2022-37967
CVE-2022-38023
CVE-2022-45141
Reference
Revision
Revision | Date | Description |
---|---|---|
1 | 2022-12-19 | Initial public release. |
2 | 2023-03-07 | Disclosed vulnerability details. |
3 | 2023-05-22 | Update for Synology Directory Server is now available in Affected Products. |