This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and later versions.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HQnap Helpdesk
APPQnap< 3.0.1
Powiązane podatności
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection v...
Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS ...
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access con...
An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulne...
An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerabilit...