CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-2507

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1530%
EPSS Percentile12.06th
Published2021年2月3日
Last Modified2024年11月21日

Vulnerability Description

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.

Affected Platforms (CPE)

📦
Qnap

Helpdesk

< 3.0.3

References & Advisories

🔗 https://www.qnap.com/zh-tw/security-advisory/qsa-20-08
🔗 https://www.qnap.com/zh-tw/security-advisory/qsa-20-08

関連する脆弱性情報

CVE-2003-030410.0

one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to create administrator accounts by directly calling the inst...

CVE-2020-149429.8

Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.

CVE-2020-25009.8

This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can acces...

CVE-2020-126849.8

XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML in...