6.7

CVE-2022-27599

EPSS 0.02%
Veröffentlicht 08.09.2023 02:15:07
Zuletzt bearbeitet 21.11.2024 06:56:00
Quelle security@qnapsecurity.com.tw
CVE-Watchlists
Login
Unerledigt
Login

QVR Pro Client

An insertion of sensitive information into Log file vulnerability has been reported to affect product. If exploited, the vulnerability possibly provides local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors.

We have already fixed the vulnerability in the following version:
Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Pro Client 2.3.0.0420 and later

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qnap ≫ Qvr Pro Client Version < 2.3.0.0420

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.047

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.4	0.8	3.6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
security@qnapsecurity.com.tw	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://www.qnap.com/en/security-advisory/qsa-23-08

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-27599

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-27599

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-27599

EUVD