Information Exposure Vulnerability in QNAP Helpdesk Software
CVE-2018-19947

4.3MEDIUM

Key Information:

Vendor: QNAP
Status: Helpdesk
Vendor: CVE Published:; 11 September 2020

Summary

An information exposure vulnerability exists in earlier versions of QNAP's Helpdesk software. If exploited, this flaw may allow unauthorized users to access sensitive information. QNAP has released a fix in Helpdesk version 3.0.3 to address this issue. Users are advised to update to the latest version to safeguard their systems against potential data leaks.

Affected Version(s)

Helpdesk < 3.0.3

References

https://www.qnap.com/zh-tw/security-advisory/qsa-20-05

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 11, 2020
Vulnerability Reserved
Dec 7, 2018

Credit

Independent Security Evaluators