CVE-2024-21901

{"id": "CVE-2024-21901", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@qnapsecurity.com.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.2}]}, "published": "2024-03-08T17:15:23.060", "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-24-09", "tags": ["Vendor Advisory"], "source": "security@qnapsecurity.com.tw"}, {"url": "https://www.qnap.com/en/security-advisory/qsa-24-09", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@qnapsecurity.com.tw", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nmyQNAPcloud 1.0.52 ( 2023/11/24 ) and later\nQTS 4.5.4.2627 build 20231225 and later\n"}, {"lang": "es", "value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n SQL afecta a myQNAPcloud. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados inyectar c\u00f3digo malicioso a trav\u00e9s de una red. El fabricante ha solucionado la vulnerabilidad en las siguientes versiones: myQNAPcloud 1.0.52 (2023/11/24) y posteriores QTS 4.5.4.2627 compilaci\u00f3n 20231225 y posteriores"}], "lastModified": "2024-11-21T08:55:13.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qnap:myqnapcloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DEB21F8-E1BF-49B3-9327-4C5DA74909C1", "versionEndExcluding": "1.0.52"}, {"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A029FCE-B575-452B-9C62-2D38B770D0A5", "versionEndExcluding": "4.5.4.2627"}, {"criteria": "cpe:2.3:o:qnap:qts:4.5.4.2627:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "320AEB7E-E07B-42AE-8F71-795A516BA5EA"}], "operator": "OR"}]}], "sourceIdentifier": "security@qnapsecurity.com.tw"}