Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2018-19957
HistorySep 10, 2021 - 4:15 a.m.

CVE-2018-19957

2021-09-1004:15:08
CWE-1021
[email protected]
web.nvd.nist.gov
5
vulnerability
qnap nas
http security headers
remote attackers
privacy attacks
security attacks
qts
quts hero
qutscloud

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

47.6%

JSON

A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS 4.5.4.1715 build 20210630 and later QuTS hero h4.5.4.1771 build 20210825 and later QuTScloud c4.5.6.1755 build 20210809 and later

Affected configurations

Nvd
Node
qnapqtsRange<4.5.4.1715
OR
qnapquts_heroRange<h4.5.4.1771
OR
qnapqutscloudRange<c4.5.6.1755
VendorProductVersionCPE
qnapqts*cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
qnapquts_hero*cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*
qnapqutscloud*cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*

Related

nessus 1
openvas 1
cvelist 1
cve 1
prion 1
nessus
nessus
QNAP QTS / QuTS hero Insufficient HTTP Security Headers (QSA-21-03)
2022-04-07 00:00:00
openvas
openvas
QNAP QTS HTTP Security Header Vulnerability (QSA-21-03)
2021-09-13 00:00:00
cvelist
cvelist
CVE-2018-19957 Insufficient HTTP Security Headers in QTS, QuTS hero, and QuTScloud
2021-09-10 04:00:18
cve
cve
CVE-2018-19957
2021-09-10 04:15:08
prion
prion
Design/Logic Flaw
2021-09-10 04:15:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

47.6%

JSON
Related for NVD:CVE-2018-19957
nessus1openvas1cvelist1cve1prion1