First published: Thu Jun 14 2018(Updated: )
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.
Credit: security@synology.com
Affected Software | Affected Version | How to fix |
---|---|---|
Synology Calendar | <2.1.2-0511 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-8927 is an improper authorization vulnerability in SYNO.Cal.Event in Calendar before version 2.1.2-0511.
CVE-2018-8927 allows remote authenticated users to create arbitrary events in the affected Calendar software.
CVE-2018-8927 has a severity rating of 6.5 (Medium).
The Synology Calendar software versions up to and excluding 2.1.2-0511 are affected by CVE-2018-8927.
To fix CVE-2018-8927, users should update their Calendar software to version 2.1.2-0511 or higher.