CyberSec.Space Logo
Back to CVE Browser

CVE-2020-2506

Known Exploited (CISA KEV)HIGH
7.3
CVSS Severity Score
EPSS Score26.8880%
EPSS Percentile86.23th
PublishedFeb 3, 2021
Last ModifiedOct 27, 2025

Vulnerability Description

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.

Affected Platforms (CPE)

๐Ÿ“ฆ
Qnap

Helpdesk

< 3.0.3

References & Advisories

๐Ÿ”— https://www.qnap.com/zh-tw/security-advisory/qsa-20-08
๐Ÿ”— https://www.qnap.com/zh-tw/security-advisory/qsa-20-08
๐Ÿ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-2506

Related Vulnerabilities

CVE-2003-030410.0

one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to create administrator accounts by directly calling the inst...

CVE-2020-149429.8

Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.

CVE-2020-25009.8

This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can acces...

CVE-2020-126849.8

XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML in...