CVE-2020-2505

LOW

QNAP QES < 2.1.1 - Information Disclosure via Error Message Generation

Title source: llm
STIX 2.1

Description

If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.

References (1)

Core 1
Core References

Scores

CVSS v3 2.3
EPSS 0.0029
EPSS Percentile 21.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-209 CWE-755
Status published
Products (2)
qnap/qes 2.1.1 (7 CPE variants)
qnap/qes < 2.1.1
Published Dec 24, 2020
Tracked Since Feb 18, 2026