QNAP Helpdesk up to 3.0.3 access control

EntryeditHistoryDiffjsonxmlCTI

A vulnerability, which was classified as critical, has been found in QNAP Helpdesk up to 3.0.3. Affected by this issue is an unknown function. Upgrading to version 3.0.4 eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1133762506/13/2021VulD...cve_cnaQNAP Systems, Inc.nvd.nist.gov06/13/2021accepted70
1133762406/13/2021VulD...cvss3_meta_tempscore6.0see documentation06/13/2021accepted90
1133762306/13/2021VulD...cvss3_vuldb_tempscore6.006/13/2021accepted90
1133762206/13/2021VulD...cvss2_vuldb_tempscore5.706/13/2021accepted90
1133762106/13/2021VulD...cve_nvd_summaryAn improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.4.cve.mitre.org06/13/2021accepted70
1133762006/13/2021VulD...cve_assigned1616022000cve.mitre.org06/13/2021accepted70
1133258306/11/2021VulD...price_0day$0-$5ksee documentation06/11/2021accepted90
1133258206/11/2021VulD...cvss3_meta_tempscore6.3see documentation06/11/2021accepted90
1133258106/11/2021VulD...cvss3_meta_basescore6.3see documentation06/11/2021accepted90
1133258006/11/2021VulD...cvss3_vuldb_tempscore6.306/11/2021accepted90
1133257906/11/2021VulD...cvss3_vuldb_basescore6.306/11/2021accepted90
1133257806/11/2021VulD...cvss2_vuldb_tempscore6.506/11/2021accepted90
1133257706/11/2021VulD...cvss2_vuldb_basescore6.506/11/2021accepted90
1133257606/11/2021VulD...cvss3_vuldb_eXderived from historical data06/11/2021accepted80
1133257506/11/2021VulD...cvss2_vuldb_eNDderived from historical data06/11/2021accepted80
1133257406/11/2021VulD...cvss2_vuldb_auSderived from historical data06/11/2021accepted80
1133257306/11/2021VulD...cvss2_vuldb_rlOFderived from vuldb v3 vector06/11/2021accepted80
1133257206/11/2021VulD...cvss2_vuldb_rcCderived from vuldb v3 vector06/11/2021accepted80
1133257106/11/2021VulD...cvss2_vuldb_aiPderived from vuldb v3 vector06/11/2021accepted80
1133257006/11/2021VulD...cvss2_vuldb_iiPderived from vuldb v3 vector06/11/2021accepted80

Interested in the pricing of exploits?

See the underground prices here!