CVE-2018-19941 — Cleartext Storage of Sensitive Information in a Cookie in Systems INC QTS

CWE-315 — Cleartext Storage of Sensitive Information in a Cookie CWE-312 — Cleartext Storage of Sensitive Info3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 64.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC QTS Qnap Systems INC Quts Hero Qnap Systems INC Qutscloud +3 more

Timeline

PublishedDec 31

Latest updateMay 24

Description

A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶NVDqnap/quts_hero< h4.5.1.1472

▶NVDqnap/qutscloud< c4.5.2.1379

▶CVEListV5qnap_systems_inc/quts_herounspecified — h4.5.1.1472

▶CVEListV5qnap_systems_inc/qutscloudunspecified — c4.5.2.1379

▶NVDqnap/qts< 4.5.1.1456

🔴Vulnerability Details

GHSA

GHSA-vhv6-87pm-667v: A vulnerability has been reported to affect QNAP NAS↗2022-05-24

▶

CVEList

Cleartext Storage of Sensitive Information in Cookies↗2020-12-31

▶