CVE-2024-53696

Severity: 5.1 MEDIUM

EPSS: 0.1% (top 73.09%)

CISA KEV: Not in KEV

Exploit: No known exploits

Timeline: Published Mar 7

Description

A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data.

We have already fixed the vulnerability in the following versions:

- QuLog Center 1.7.0.829 ( 2024/10/01 ) and later
- QuLog Center 1.8.0.888 ( 2024/10/15 ) and later
- QTS 4.5.4.2957 build 20241119 and later
- QuTS hero h4.5.4.2956 build 20241119 and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages (6 packages)

- NVD | qnap/qulog_center | 1.7.0 | 1.7.0.829 | +1
- CVEListV5 | qnap_systems_inc./qulog_center | 1.7.x.x | 1.7.0.829 ( 2024/10/01 ) | +1
- NVD | qnap/quts_hero | h4.5.0 | h4.5.4.2476
- CVEListV5 | qnap_systems_inc./quts_hero | h4.5.x | h4.5.4.2956 build 20241119
- NVD | qnap/qts | 4.5.1 | 4.5.4.2957

🔴 Vulnerability Details (2)

GHSA: GHSA-q469-433j-8xc2: A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center (2025-03-07)

CVEList: QuLog Center (2025-03-07)