{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-48862","assignerOrgId":"2fd009eb-170a-4625-932b-17a53af1051f","state":"PUBLISHED","assignerShortName":"qnap","dateReserved":"2024-10-09T00:22:57.834Z","datePublished":"2024-11-22T15:31:54.450Z","dateUpdated":"2024-11-22T16:47:06.193Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"QuLog Center","vendor":"QNAP Systems Inc.","versions":[{"lessThan":"1.7.0.831 ( 2024/10/15 )","status":"affected","version":"1.7.x.x","versionType":"custom"},{"lessThan":"1.8.0.888 ( 2024/10/15 )","status":"affected","version":"1.8.x.x","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Dinh Ho Anh Khoa"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files.<br><br>We have already fixed the vulnerability in the following versions:<br>QuLog Center 1.7.0.831 ( 2024/10/15 ) and later<br>QuLog Center 1.8.0.888 ( 2024/10/15 ) and later<br>"}],"value":"A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.831 ( 2024/10/15 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later"}],"impacts":[{"capecId":"CAPEC-132","descriptions":[{"lang":"en","value":"CAPEC-132"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.7,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"PASSIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-59","description":"CWE-59","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"2fd009eb-170a-4625-932b-17a53af1051f","shortName":"qnap","dateUpdated":"2024-11-22T15:31:54.450Z"},"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-24-46"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"We have already fixed the vulnerability in the following versions:<br>QuLog Center 1.7.0.831 ( 2024/10/15 ) and later<br>QuLog Center 1.8.0.888 ( 2024/10/15 ) and later<br>"}],"value":"We have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.831 ( 2024/10/15 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later"}],"source":{"advisory":"QSA-24-46","discovery":"EXTERNAL"},"title":"QuLog Center","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"affected":[{"vendor":"qnap","product":"qulog_center","cpes":["cpe:2.3:a:qnap:qulog_center:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1.7.0.0","status":"affected","lessThan":"1.7.0.831","versionType":"custom"},{"version":"1.8.0.0","status":"affected","lessThan":"1.8.0.888","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-22T16:43:22.727496Z","id":"CVE-2024-48862","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-22T16:47:06.193Z"}}]}}