Lucene search

[email protected]CVE-2018-19953

HistoryOct 28, 2020 - 6:15 p.m.

CVE-2018-19953

2020-10-2818:15:12

CWE-80

CWE-79

[email protected]

web.nvd.nist.gov

819

In Wild

cve-2018-19953

cross-site scripting

vulnerability

qnap

qts

security fix

remote code injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.1%

JSON

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.

Affected configurations

NVD

Node

qnapqtsRange<4.2.6

qnapqtsRange4.3.1.0013–4.3.3.1161

qnapqtsRange4.3.4–4.3.4.1190

qnapqtsRange4.3.6–4.3.6.1218

qnapqtsRange4.4.0–4.4.1.1201

qnapqtsRange4.4.2–4.4.2.1231

qnapqtsMatch4.2.6-

qnapqtsMatch4.2.6build_20170517

qnapqtsMatch4.2.6build_20190322

qnapqtsMatch4.2.6build_20190730

qnapqtsMatch4.2.6build_20190921

qnapqtsMatch4.2.6build_20191107

CPENameOperatorVersion
qnap:qtsqnap qtslt4.2.6
qnap:qtsqnap qtslt4.3.3.1161
qnap:qtsqnap qtslt4.3.4.1190
qnap:qtsqnap qtslt4.3.6.1218
qnap:qtsqnap qtslt4.4.1.1201
qnap:qtsqnap qtslt4.4.2.1231

CPE	Name	Operator	Version
qnap:qts	qnap qts	lt	4.2.6
qnap:qts	qnap qts	lt	4.3.3.1161
qnap:qts	qnap qts	lt	4.3.4.1190
qnap:qts	qnap qts	lt	4.3.6.1218
qnap:qts	qnap qts	lt	4.4.1.1201
qnap:qts	qnap qts	lt	4.4.2.1231

CNA Affected

[
  {
    "platforms": [
      "build 20200302"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.4.2.1231",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "build 20200130"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.4.1.1201",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "build 20200214"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.3.6.1218",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "build 20200107"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.3.4.1190",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "build 20200109"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.3.3.1161",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "4.2.6",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]