CVE-2023-50363

EPSS 0.03%
Veröffentlicht 26.04.2024 15:15:47
Zuletzt bearbeitet 21.11.2024 08:36:54
Quelle security@qnapsecurity.com.tw
CVE-Watchlists
Login
Unerledigt
Login

QTS, QuTS hero

An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

NVD 21 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qnap ≫ Qts Version5.1.0.2348 Updatebuild_20230325

Qnap ≫ Qts Version5.1.0.2399 Updatebuild_20230515

Qnap ≫ Qts Version5.1.0.2418 Updatebuild_20230603

Qnap ≫ Qts Version5.1.0.2444 Updatebuild_20230629

Qnap ≫ Qts Version5.1.0.2466 Updatebuild_20230721

Qnap ≫ Qts Version5.1.1.2491 Updatebuild_20230815

Qnap ≫ Qts Version5.1.2.2533 Updatebuild_20230926

Qnap ≫ Qts Version5.1.3.2578 Updatebuild_20231110

Qnap ≫ Qts Version5.1.4.2596 Updatebuild_20231128

Qnap ≫ Qts Version5.1.5.2645 Updatebuild_20240116

Qnap ≫ Qts Version5.1.5.2679 Updatebuild_20240219

Qnap ≫ Quts Hero Versionh5.1.0.2409 Updatebuild_20230525

Qnap ≫ Quts Hero Versionh5.1.0.2424 Updatebuild_20230609

Qnap ≫ Quts Hero Versionh5.1.0.2453 Updatebuild_20230708

Qnap ≫ Quts Hero Versionh5.1.0.2466 Updatebuild_20230721

Qnap ≫ Quts Hero Versionh5.1.1.2488 Updatebuild_20230812

Qnap ≫ Quts Hero Versionh5.1.2.2534 Updatebuild_20230927

Qnap ≫ Quts Hero Versionh5.1.3.2578 Updatebuild_20231110

Qnap ≫ Quts Hero Versionh5.1.4.2596 Updatebuild_20231128

Qnap ≫ Quts Hero Versionh5.1.5.2647 Updatebuild_20240118

Qnap ≫ Quts Hero Versionh5.1.5.2680 Updatebuild_20240220

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.059

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
security@qnapsecurity.com.tw	7.4	3.1	3.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.qnap.com/en/security-advisory/qsa-24-20

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-50363

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-50363

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-50363

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-50363