CVE-2024-48863

CWE-78OS Command Injection6 documents4 sources
Severity
7.7HIGH
EPSS
3.2%
top 13.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. License CenterQnap License Center
Timeline
PublishedDec 6

Description

A command injection vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: License Center 1.9.43 and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDqnap/license_center1.9.361.9.43
CVEListV5qnap_systems_inc./license_center1.9.x1.9.43

🔴Vulnerability Details

5
GHSA
GHSA-9c26-wm2f-5pm9: A command injection vulnerability has been reported to affect License Center2024-12-06
CVEList
License Center2024-12-06
OSV
linux-raspi-5.4 vulnerabilities2024-10-10
OSV
linux-raspi vulnerabilities2024-10-01
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.2024-09-18
CVE-2024-48863 (HIGH CVSS 7.7) | A command injection vulnerability h | cvebase.io