CVE-2020-2505

EPSS 0.06%
Veröffentlicht 24.12.2020 02:15:12
Zuletzt bearbeitet 21.11.2024 05:25:22
Quelle security@qnapsecurity.com.tw
Teams Watchlist Login
Unerledigt Login

If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qnap ≫ Qes Version < 2.1.1

Qnap ≫ Qes Version2.1.1 Update-

Qnap ≫ Qes Version2.1.1 Updatebuild_20200211

Qnap ≫ Qes Version2.1.1 Updatebuild_20200303

Qnap ≫ Qes Version2.1.1 Updatebuild_20200319

Qnap ≫ Qes Version2.1.1 Updatebuild_20200424

Qnap ≫ Qes Version2.1.1 Updatebuild_20200515

Qnap ≫ Qes Version2.1.1 Updatebuild_20200811

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.153

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.3	0.8	1.4	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
security@qnapsecurity.com.tw	2.3	0.8	1.4	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://www.qnap.com/zh-tw/security-advisory/qsa-20-17

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-2505

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-2505

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-2505

EUVD