CVE-2017-13068

7.5HIGH

Key Information:

Vendor: Qnap
Status: Qnap Helpdesk App
Vendor: CVE Published:; 6 October 2017

Summary

QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack.

Affected Version(s)

QNAP Helpdesk APP QTS Helpdesk versions 1.1.12 and earlier

References

https://www.qnap.com/en/security-advisory/nas-201709-29

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 6, 2017
Vulnerability Reserved
Aug 22, 2017