exploitDog

CVE-2017-15887

Опубликовано: 07 нояб. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.

Ссылки

https://www.synology.com/en-global/support/security/Synology_SA_17_64_CardDAV_Server
Issue Tracking
Vendor Advisory
https://www.synology.com/en-global/support/security/Synology_SA_17_64_CardDAV_Server
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:synology:carddav_server:*:*:*:*:*:*:*:*

Версия до 6.0.7-0085 (исключая)

EPSS

Процентиль: 61%

0.00419

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-307

CWE-307

Связанные уязвимости

GHSA-prqg-8whh-c62q

CVSS3: 9.8

github

больше 3 лет назад

An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.

EPSS

Процентиль: 61%

0.00419

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-307

CWE-307