← Retour aux CVEs
CVE-2018-19941
HIGH7.5
Description
A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later)
Details CVE
Score CVSS v3.17.5
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie12/31/2020
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
qnap:qtsqnap:quts_heroqnap:qutscloud
Faiblesses (CWE)
CWE-315CWE-312
References
https://www.qnap.com/zh-tw/security-advisory/qsa-20-23(security@qnapsecurity.com.tw)
https://www.qnap.com/zh-tw/security-advisory/qsa-20-23(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.