CVE-2024-38645

CWE-918Server-Side Request Forgery (SSRF)4 documents4 sources
Severity
9.4CRITICAL
EPSS
0.3%
top 45.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. Notes Station 3Qnap Notes Station 3
Timeline
PublishedNov 22

Description

A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to read application data. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages2 packages

NVDqnap/notes_station_33.9.03.9.7
CVEListV5qnap_systems_inc./notes_station_33.9.x3.9.7

🔴Vulnerability Details

2
CVEList
Notes Station 32024-11-22
GHSA
GHSA-7mv6-9483-r3cp: A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 32024-11-22
CVE-2024-38645 (CRITICAL CVSS 9.4) | A server-side request forgery (SSRF | cvebase.io