5.1

CVE-2024-53696

A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data.

We have already fixed the vulnerability in the following versions:
QuLog Center 1.7.0.829 ( 2024/10/01 ) and later
QuLog Center 1.8.0.888 ( 2024/10/15 ) and later
QTS 4.5.4.2957 build 20241119 and later
QuTS hero h4.5.4.2956 build 20241119 and later

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorQNAP Systems Inc.
Product QuLog Center
Default Statusunaffected
Version < 1.7.0.829 ( 2024/10/01 )
Version 1.7.x.x
Status affected
Version < 1.8.0.888 ( 2024/10/15 )
Version 1.8.x.x
Status affected
VendorQNAP Systems Inc.
Product QTS
Default Statusunaffected
Version < 4.5.4.2957 build 20241119
Version 4.5.x
Status affected
VendorQNAP Systems Inc.
Product QuTS hero
Default Statusunaffected
Version < h4.5.4.2956 build 20241119
Version h4.5.x
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.12% 0.314
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
security@qnapsecurity.com.tw 5.1 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.