CVE-2018-0728

Published: Dec 4, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

This improper access control vulnerability in Helpdesk allows attackers to access the system logs. To fix the vulnerability, QNAP recommend updating QTS and Helpdesk to their latest versions.

Affected (1)

Products: Qnap: Helpdesk

Qnap

1 product

Helpdesk

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qnap Helpdesk	Before 3.0.0

Running on/with	Platform Versions
Qnap Qts	All versions

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://www.qnap.com/zh-tw/security-advisory/nas-201911-20

Source: security@qnapsecurity.com.tw

Vendor Advisory

https://www.qnap.com/zh-tw/security-advisory/nas-201911-20

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.