CVE-2021-28805

EPSS 0.11%
Veröffentlicht 11.06.2021 07:15:06
Zuletzt bearbeitet 21.11.2024 06:00:14
Quelle security@qnapsecurity.com.tw
Teams Watchlist Login
Unerledigt Login

Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versions prior to 1.0.3 build 20210505 on QSW-M2108-2S; versions prior to 1.0.3 build 20210505 on QSW-M2108R-2C; versions prior to 1.0.12 build 20210506 on QSW-M408.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qnap ≫ Qss Version < 1.0.3

   Qnap ≫ Qsw-m2108-2c Version-
   Qnap ≫ Qsw-m2108-2s Version-
   Qnap ≫ Qsw-m2108r-2c Version-

Qnap ≫ Qss Version < 1.0.12

Qnap ≫ Qsw-m408 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.269

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
security@qnapsecurity.com.tw	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-540 Inclusion of Sensitive Information in Source Code

Source code on a web server or repository often contains sensitive information and should generally not be accessible to users.

https://www.qnap.com/zh-tw/security-advisory/qsa-21-24

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-28805

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-28805

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-28805

EUVD