CVE-2018-19957

EPSS 0.22%
Published 10.09.2021 04:15:08
Last modified 21.11.2024 03:58:53
Source security@qnapsecurity.com.tw
Teams watchlist Login
Open Login

A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS 4.5.4.1715 build 20210630 and later QuTS hero h4.5.4.1771 build 20210825 and later QuTScloud c4.5.6.1755 build 20210809 and later

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Qnap ≫ Qts Version < 4.5.4.1715

Qnap ≫ Quts Hero Version < h4.5.4.1771

Qnap ≫ Qutscloud Version < c4.5.6.1755

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.22%	0.419

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.

https://www.qnap.com/en/security-advisory/qsa-21-03

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-19957

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-19957

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-19957

EUVD