CVE-2024-13086

Summary

An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.

We have already fixed the vulnerability in the following version: QTS 5.2.0.2851 build 20240808 and later QuTS hero h5.2.0.2851 build 20240808 and later

Affected Software

VendorProductVersion RangeStatus
QNAP Systems Inc.QTS5.x < QTS 5.2.0.2851 build 20240808affected
QNAP Systems Inc.QuTS heroh5.x < QuTS hero h5.2.0.2851 build 20240808affected

Weaknesses

  • CWE-200: CWE-200

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References