CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2020-2507

CVSS 9.8v3.1pub. 2021-02-03upd. 2024-11-21

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Qnap Helpdesk

    APP
    Qnap
    < 3.0.3
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2020-2500CRITICAL9.8ten sam produkt

This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service....

CVE-2018-0714CRITICAL9.8ten sam produkt

Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS ...

CVE-2020-2506HIGH7.3⚠ KEVten sam produkt

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access con...

CVE-2024-50394HIGH7.7ten sam produkt

An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulne...

CVE-2021-28814HIGH8.8ten sam produkt

An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerabilit...