QNAP Helpdesk vulnerabilities

11 known vulnerabilities affecting qnap/helpdesk.

Total CVEs: 11
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 3, HIGH 3, MEDIUM 5

Vulnerabilities

CVE-2024-50394 | HIGH | CVSS 7.7 | ≥ 3.3.1, < 3.3.3 | 2025-03-07
CVE-2024-50394 [HIGH] CWE-295: An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: Helpdesk 3.3.3 and later.
nvd
CVE-2024-27125 | MEDIUM | CVSS 4.8 | fixed in 3.3.1 | 2024-09-06
CVE-2024-27125 [LOW] CWE-79: A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following version: Helpdesk 3.3.1 and later.
nvd
CVE-2021-28814 | HIGH | CVSS 8.8 | fixed in 3.0.4 | 2021-06-11
CVE-2021-28814 [HIGH] CWE-269: An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.4.
nvd
CVE-2020-2507 | CRITICAL | CVSS 9.8 | fixed in 3.0.3 | 2021-02-03
CVE-2020-2507 [CRITICAL] CWE-77: The vulnerability has been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.
nvd
CVE-2020-2506 | CRITICAL | CVSS 9.8 | KEV | fixed in 3.0.3 | 2021-02-03
CVE-2020-2506 [HIGH] CWE-284: The vulnerability has been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.
nvd
CVE-2018-19947 | MEDIUM | CVSS 6.5 | fixed in 3.0.3 | 2020-09-11
CVE-2018-19947 [MEDIUM] CWE-200: The vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.
nvd
CVE-2018-19946 | MEDIUM | CVSS 5.9 | fixed in 3.0.3 | 2020-09-11
CVE-2018-19946 [MEDIUM] CWE-295: The vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.
nvd
CVE-2018-19948 | MEDIUM | CVSS 6.5 | fixed in 3.0.3 | 2020-09-11
CVE-2018-19948 [LOW] CWE-352: The vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.
nvd
CVE-2020-2500 | MEDIUM | CVSS 6.5 | fixed in 3.0.1 | 2020-07-01
CVE-2020-2500 [CRITICAL] CWE-284: This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and later versions.
nvd
CVE-2018-0728 | HIGH | CVSS 7.5 | fixed in 3.0.0 | 2019-12-04
CVE-2018-0728 [HIGH] CWE-269: This improper access control vulnerability in Helpdesk allows attackers to access the system logs. To fix the vulnerability, QNAP recommends updating QTS and Helpdesk to their latest versions.
nvd
CVE-2018-0714 | CRITICAL | CVSS 9.8 | ≤ 1.1.21 | 2018-08-13
CVE-2018-0714 [CRITICAL] CWE-77: Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application.
nvd