CVE-2020-2505Information Exposure via Error Message in Systems INC QES

CWE-209Information Exposure via Error MessageCWE-755Improper Handling of Exceptional Conditions3 documents3 sources
Severity
2.3LOWNVD
EPSS
0.1%
top 81.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems INC QESQnap QES
Timeline
PublishedDec 24
Latest updateMay 24

Description

If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 0.8 | Impact: 1.4

Affected Packages2 packages

NVDqnap/qes< 2.1.1+1
CVEListV5qnap_systems_inc/qesunspecified2.1.1

🔴Vulnerability Details

2
GHSA
GHSA-5g2x-gm3x-pm24: If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages2022-05-24
CVEList
Sensitive information via generation of error messages vulnerability in QES2020-12-24
CVE-2020-2505 — Information Exposure via Error Message | cvebase