Sensitive information via generation of error messages vulnerability in QES
CVE-2020-2505

2.3LOW

Key Information:

Vendor: QNAP
Status: Qes
Vendor: CVE Published:; 23 December 2020

Summary

If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.

Affected Version(s)

QES build 20201006 < 2.1.1

References

https://www.qnap.com/zh-tw/security-advisory/qsa-20-17

x_refsource_MISC

CVSS V3.1

Score:

2.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 23, 2020
Vulnerability Reserved
Dec 9, 2019

Credit

TIM Security Red Team Research