CVE-2024-13086 — Sensitive Information Exposure in Systems INC Quts Hero

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

7.5HIGHNVD

CNA5.3

EPSS

0.1%

top 65.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC QTS Qnap Systems INC Quts Hero Qnap QTS +1 more

Timeline

PublishedMar 7

Description

An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: QTS 5.2.0.2851 build 20240808 and later QuTS hero h5.2.0.2851 build 20240808 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5qnap_systems_inc/quts_heroh5.x — QuTS hero h5.2.0.2851 build 20240808

▶NVDqnap/quts_heroh5.0.0 — h5.2.0.2851

▶CVEListV5qnap_systems_inc/qts5.x — QTS 5.2.0.2851 build 20240808

▶NVDqnap/qts5.0.0 — 5.2.0.2851

🔴Vulnerability Details

CVEList

QTS, QuTS hero↗2025-03-07

▶

GHSA

GHSA-rfr3-g285-rggj: An exposure of sensitive information vulnerability has been reported to affect product↗2025-03-07

▶