{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-13086", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "state": "PUBLISHED", "assignerShortName": "qnap", "dateReserved": "2024-12-31T09:31:33.890Z", "datePublished": "2025-03-07T16:12:39.065Z", "dateUpdated": "2025-03-07T17:55:56.464Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "QTS", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "QTS 5.2.0.2851 build 20240808", "status": "affected", "version": "5.x", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "QuTS hero", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "QuTS hero h5.2.0.2851 build 20240808", "status": "affected", "version": "h5.x", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Christoph Kretz"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.<br><br>We have already fixed the vulnerability in the following version:<br>QTS 5.2.0.2851 build 20240808 and later<br>QuTS hero h5.2.0.2851 build 20240808 and later<br>"}], "value": "An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following version:\nQTS 5.2.0.2851 build 20240808 and later\nQuTS hero h5.2.0.2851 build 20240808 and later"}], "impacts": [{"capecId": "CAPEC-575", "descriptions": [{"lang": "en", "value": "CAPEC-575"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2025-03-07T16:12:39.065Z"}, "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-25-03"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "We have already fixed the vulnerability in the following version:<br>QTS 5.2.0.2851 build 20240808 and later<br>QuTS hero h5.2.0.2851 build 20240808 and later<br>"}], "value": "We have already fixed the vulnerability in the following version:\nQTS 5.2.0.2851 build 20240808 and later\nQuTS hero h5.2.0.2851 build 20240808 and later"}], "source": {"advisory": "QSA-25-03", "discovery": "EXTERNAL"}, "title": "QTS, QuTS hero", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-07T17:55:44.803699Z", "id": "CVE-2024-13086", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-07T17:55:56.464Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-13086", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-07T17:55:44.803699Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-07T17:55:50.181Z"}}], "cna": {"title": "QTS, QuTS hero", "source": {"advisory": "QSA-25-03", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Christoph Kretz"}], "impacts": [{"capecId": "CAPEC-575", "descriptions": [{"lang": "en", "value": "CAPEC-575"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "QNAP Systems Inc.", "product": "QTS", "versions": [{"status": "affected", "version": "5.x", "lessThan": "QTS 5.2.0.2851 build 20240808", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "QNAP Systems Inc.", "product": "QuTS hero", "versions": [{"status": "affected", "version": "h5.x", "lessThan": "QuTS hero h5.2.0.2851 build 20240808", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "We have already fixed the vulnerability in the following version:\nQTS 5.2.0.2851 build 20240808 and later\nQuTS hero h5.2.0.2851 build 20240808 and later", "supportingMedia": [{"type": "text/html", "value": "We have already fixed the vulnerability in the following version:<br>QTS 5.2.0.2851 build 20240808 and later<br>QuTS hero h5.2.0.2851 build 20240808 and later<br>", "base64": false}]}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-25-03"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following version:\nQTS 5.2.0.2851 build 20240808 and later\nQuTS hero h5.2.0.2851 build 20240808 and later", "supportingMedia": [{"type": "text/html", "value": "An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.<br><br>We have already fixed the vulnerability in the following version:<br>QTS 5.2.0.2851 build 20240808 and later<br>QuTS hero h5.2.0.2851 build 20240808 and later<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2025-03-07T16:12:39.065Z"}}}, "cveMetadata": {"cveId": "CVE-2024-13086", "state": "PUBLISHED", "dateUpdated": "2025-03-07T17:55:56.464Z", "dateReserved": "2024-12-31T09:31:33.890Z", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "datePublished": "2025-03-07T16:12:39.065Z", "assignerShortName": "qnap"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following version:\nQTS 5.2.0.2851 build 20240808 and later\nQuTS hero h5.2.0.2851 build 20240808 and later"}], "id": "CVE-2024-13086", "lastModified": "2025-03-07T17:15:18.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@qnapsecurity.com.tw", "type": "Secondary"}]}, "published": "2025-03-07T17:15:18.430", "references": [{"source": "security@qnapsecurity.com.tw", "url": "https://www.qnap.com/en/security-advisory/qsa-25-03"}], "sourceIdentifier": "security@qnapsecurity.com.tw", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@qnapsecurity.com.tw", "type": "Primary"}]}

{}