VYPR

Active Backup for Business

by Synology

CVEs (9)

  • CVE-2025-30028HigMay 27, 2026
    Synology
    Active Backup for Business
    risk 0.56cvss 8.6epss

    A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files.

  • CVE-2025-66592MedMay 27, 2026
    Synology
    Active Backup for Business
    risk 0.40cvss 6.1epss

    An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content during installation.

  • CVE-2024-47266Feb 13, 2025
    Synology
    Active Backup for Business
    risk 0.00cvss epss 0.00

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to…

  • CVE-2024-47265Feb 13, 2025
    Synology
    Active Backup for Business
    risk 0.00cvss epss 0.00

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files…

  • CVE-2024-47264Feb 13, 2025
    Synology
    Active Backup for Business
    risk 0.00cvss epss 0.01

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to…

  • CVE-2023-52949Sep 26, 2024
    Synology
    Active Backup for Business
    risk 0.00cvss epss 0.00

    Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.

  • CVE-2023-52948Sep 26, 2024
    Synology
    Active Backup for Business
    risk 0.00cvss epss 0.00

    Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.

  • CVE-2023-52947Sep 26, 2024
    Synology
    Active Backup for Business
    risk 0.00cvss epss 0.00

    Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be…

  • CVE-2023-52950Sep 26, 2024
    Synology
    Active Backup for Business
    risk 0.00cvss epss 0.00

    Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors.