VYPR

Active Backup for Business

by Synology

CVEs (9)

  • CVE-2025-30028HigMay 27, 2026
    risk 0.56cvss 8.6epss 0.00

    A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files.

  • CVE-2024-47265MedFeb 13, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files…

  • CVE-2025-66592MedMay 27, 2026
    risk 0.40cvss 6.1epss 0.00

    An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation.

  • CVE-2023-52949MedSep 26, 2024
    risk 0.36cvss 5.5epss 0.00

    Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.

  • CVE-2023-52950MedSep 26, 2024
    risk 0.34cvss 5.3epss 0.00

    Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors.

  • CVE-2023-52948MedSep 26, 2024
    risk 0.33cvss 5.0epss 0.00

    Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.

  • CVE-2024-47264MedFeb 13, 2025
    risk 0.32cvss 4.9epss 0.01

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to…

  • CVE-2023-52947MedSep 26, 2024
    risk 0.26cvss 4.0epss 0.00

    Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be…

  • CVE-2024-47266LowFeb 13, 2025
    risk 0.18cvss 2.7epss 0.00

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to…