CVE-2018-19941
Cleartext Storage of Sensitive Information in Cookies
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later)
Se ha reportado una vulnerabilidad que afecta a QNAP NAS. Si se explota, esta vulnerabilidad permite a un atacante acceder a información confidencial almacenada en texto plano dentro de las cookies por medio de determinadas herramientas ampliamente disponibles. QNAP ya ha corregido esta vulnerabilidad en las siguientes versiones: QTS versiones 4.5.1.1456 build 20201015 (y posteriores) QuTS hero versión h4.5.1.1472 build 20201031 (y posteriores) QuTScloud versión c4.5.2.1379 build 20200730 (y posteriores)
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-12-07 CVE Reserved
- 2020-12-31 CVE Published
- 2023-09-16 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-312: Cleartext Storage of Sensitive Information
- CWE-315: Cleartext Storage of Sensitive Information in a Cookie
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.qnap.com/zh-tw/security-advisory/qsa-20-23 | 2021-01-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | < 4.5.1.1456 Search vendor "Qnap" for product "Qts" and version " < 4.5.1.1456" | - |
Affected
| ||||||
Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | < h4.5.1.1472 Search vendor "Qnap" for product "Quts Hero" and version " < h4.5.1.1472" | - |
Affected
| ||||||
Qnap Search vendor "Qnap" | Qutscloud Search vendor "Qnap" for product "Qutscloud" | < c4.5.2.1379 Search vendor "Qnap" for product "Qutscloud" and version " < c4.5.2.1379" | - |
Affected
|