CVE-2020-2505

EPSS 0.06%
Published 24.12.2020 02:15:12
Last modified 21.11.2024 05:25:22
Source security@qnapsecurity.com.tw
Teams watchlist Login
Open Login

If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.

Affected products Warnungen 0 Metrics 4 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Qnap ≫ Qes Version < 2.1.1

Qnap ≫ Qes Version2.1.1 Update-

Qnap ≫ Qes Version2.1.1 Updatebuild_20200211

Qnap ≫ Qes Version2.1.1 Updatebuild_20200303

Qnap ≫ Qes Version2.1.1 Updatebuild_20200319

Qnap ≫ Qes Version2.1.1 Updatebuild_20200424

Qnap ≫ Qes Version2.1.1 Updatebuild_20200515

Qnap ≫ Qes Version2.1.1 Updatebuild_20200811

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.153

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.3	0.8	1.4	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
security@qnapsecurity.com.tw	2.3	0.8	1.4	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://www.qnap.com/zh-tw/security-advisory/qsa-20-17

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-2505

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-2505

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-2505

EUVD