Description
This improper access control vulnerability in Helpdesk allows attackers to access the system logs. To fix the vulnerability, QNAP recommend updating QTS and Helpdesk to their latest versions.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.qnap.com/zh-tw/security-advisory/nas-201911-20
Scores
CVSS v3
7.5
EPSS
0.0028
EPSS Percentile
51.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-269
Status
published
Products (1)
qnap/helpdesk
< 3.0.0
Published
Dec 04, 2019
Tracked Since
Feb 18, 2026