CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28814 – Improper Access Control Vulnerability in Helpdesk
https://notcve.org/view.php?id=CVE-2021-28814
An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.4. Se ha reportado una vulnerabilidad de control de acceso inapropiado que afecta a QNAP NAS. • https://www.qnap.com/zh-tw/security-advisory/qsa-21-25 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2506 – QNAP Helpdesk Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2020-2506
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3. La vulnerabilidad ha sido reportada para afectar a versiones anteriores de QTS. • https://www.qnap.com/zh-tw/security-advisory/qsa-20-08 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2507 – command injection vulnerability in Helpdesk
https://notcve.org/view.php?id=CVE-2020-2507
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3. La vulnerabilidad ha sido reportada para afectar a versiones anteriores de QTS. • https://www.qnap.com/zh-tw/security-advisory/qsa-20-08 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19946
https://notcve.org/view.php?id=CVE-2018-19946
The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. Se ha reportado que la vulnerabilidad afecta a versiones anteriores de Helpdesk. Si es explotada, esta vulnerabilidad de comprobación de certificado inapropiada podría permitir a un atacante falsificar una entidad confiable interfiriendo en la ruta de comunicación entre el host y el cliente. • https://www.qnap.com/zh-tw/security-advisory/qsa-20-05 • CWE-295: Improper Certificate Validation CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19947
https://notcve.org/view.php?id=CVE-2018-19947
The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. Se ha reportado que la vulnerabilidad afecta a versiones anteriores de Helpdesk. Si es explotada, esta vulnerabilidad de exposición de información podría revelar información confidencial. • https://www.qnap.com/zh-tw/security-advisory/qsa-20-05 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information CWE-210: Self-generated Error Message Containing Sensitive Information •