CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-2506

Known Exploited (CISA KEV)HIGH
7.3
CVSS Severity Score
EPSS Score26.8880%
EPSS Percentile86.23th
Published2021年2月3日
Last Modified2025年10月27日

Vulnerability Description

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.

Affected Platforms (CPE)

📦
Qnap

Helpdesk

< 3.0.3

References & Advisories

🔗 https://www.qnap.com/zh-tw/security-advisory/qsa-20-08
🔗 https://www.qnap.com/zh-tw/security-advisory/qsa-20-08
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-2506

関連する脆弱性情報

CVE-2003-030410.0

one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to create administrator accounts by directly calling the inst...

CVE-2020-149429.8

Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.

CVE-2020-25009.8

This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can acces...

CVE-2020-126849.8

XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML in...