Lucene search

QnapCVELIST:CVE-2021-28814

HistoryJun 11, 2021 - 6:35 a.m.

CVE-2021-28814 Improper Access Control Vulnerability in Helpdesk

2021-06-1106:35:15

CWE-269

qnap

www.cve.org

cve-2021-28814

improper access control

qnap nas security

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.003

Percentile

70.8%

JSON

An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.4.

CNA Affected

[
  {
    "product": "Helpdesk",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "3.0.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/zh-tw/security-advisory/qsa-21-25

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.003

Percentile

70.8%

JSON

Related for CVELIST:CVE-2021-28814