CVE-2018-19957
Insufficient HTTP Security Headers in QTS, QuTS hero, and QuTScloud
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS 4.5.4.1715 build 20210630 and later QuTS hero h4.5.4.1771 build 20210825 and later QuTScloud c4.5.6.1755 build 20210809 and later
Se ha reportado de una vulnerabilidad que implica encabezados de seguridad HTTP insuficientes y que afecta a los NAS de QNAP que ejecutan QTS, QuTS hero y QuTScloud. Esta vulnerabilidad permite a atacantes remotos iniciar ataques de privacidad y seguridad. Ya hemos corregido esta vulnerabilidad en las siguientes versiones: QTS 4.5.4.1715 build 20210630 y posteriores QuTS hero h4.5.4.1771 build 20210825 y posteriores QuTScloud c4.5.6.1755 build 20210809 y posteriores
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-12-07 CVE Reserved
- 2021-09-10 CVE Published
- 2024-09-13 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.qnap.com/en/security-advisory/qsa-21-03 | 2021-09-23 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | < 4.5.4.1715 Search vendor "Qnap" for product "Qts" and version " < 4.5.4.1715" | - |
Affected
| ||||||
Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | < h4.5.4.1771 Search vendor "Qnap" for product "Quts Hero" and version " < h4.5.4.1771" | - |
Affected
| ||||||
Qnap Search vendor "Qnap" | Qutscloud Search vendor "Qnap" for product "Qutscloud" | < c4.5.6.1755 Search vendor "Qnap" for product "Qutscloud" and version " < c4.5.6.1755" | - |
Affected
|