CVE-2018-19944Missing Encryption of Sensitive Data in Systems INC QTS

CWE-311Missing Encryption of Sensitive DataCWE-319Cleartext Transmission of Sensitive Info3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 65.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems INC QTSQnap QTS
Timeline
PublishedDec 31
Latest updateMay 24

Description

A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive information. QNAP have already fixed this vulnerability in the following versions: QTS 4.4.3.1354 build 20200702 (and later)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDqnap/qts< 4.4.3.1354
CVEListV5qnap_systems_inc/qtsunspecified4.4.3.1354

🔴Vulnerability Details

2
GHSA
GHSA-jrh8-929c-jgcv: A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices2022-05-24
CVEList
Cleartext Transmission of Sensitive Information in SNMP2020-12-31
CVE-2018-19944 — Missing Encryption of Sensitive Data | cvebase