CVE-2018-19941 Vulnerability Details

  /     /     /  

CVE-2018-19941 Metadata Quick Info

CVE Published: 31/12/2020 | CVE Updated: 16/09/2024 | CVE Year: 2018
Source: qnap | Vendor: QNAP Systems Inc. | Product: QTS
Status : PUBLISHED

---

CVE-2018-19941 Description

A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later)

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-315
CWE Name: CWE-315 Cleartext Storage of Sensitive Information in a Cookie
Source: QNAP Systems Inc.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).