{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-48862", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "state": "PUBLISHED", "assignerShortName": "qnap", "dateReserved": "2024-10-09T00:22:57.834Z", "datePublished": "2024-11-22T15:31:54.450Z", "dateUpdated": "2024-11-22T16:47:06.193Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "QuLog Center", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "1.7.0.831 ( 2024/10/15 )", "status": "affected", "version": "1.7.x.x", "versionType": "custom"}, {"lessThan": "1.8.0.888 ( 2024/10/15 )", "status": "affected", "version": "1.8.x.x", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Dinh Ho Anh Khoa"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files.<br><br>We have already fixed the vulnerability in the following versions:<br>QuLog Center 1.7.0.831 ( 2024/10/15 ) and later<br>QuLog Center 1.8.0.888 ( 2024/10/15 ) and later<br>"}], "value": "A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.831 ( 2024/10/15 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later"}], "impacts": [{"capecId": "CAPEC-132", "descriptions": [{"lang": "en", "value": "CAPEC-132"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2024-11-22T15:31:54.450Z"}, "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-24-46"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "We have already fixed the vulnerability in the following versions:<br>QuLog Center 1.7.0.831 ( 2024/10/15 ) and later<br>QuLog Center 1.8.0.888 ( 2024/10/15 ) and later<br>"}], "value": "We have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.831 ( 2024/10/15 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later"}], "source": {"advisory": "QSA-24-46", "discovery": "EXTERNAL"}, "title": "QuLog Center", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "qnap", "product": "qulog_center", "cpes": ["cpe:2.3:a:qnap:qulog_center:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.7.0.0", "status": "affected", "lessThan": "1.7.0.831", "versionType": "custom"}, {"version": "1.8.0.0", "status": "affected", "lessThan": "1.8.0.888", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-22T16:43:22.727496Z", "id": "CVE-2024-48862", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-22T16:47:06.193Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-48862", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-22T16:43:22.727496Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:qnap:qulog_center:-:*:*:*:*:*:*:*"], "vendor": "qnap", "product": "qulog_center", "versions": [{"status": "affected", "version": "1.7.0.0", "lessThan": "1.7.0.831", "versionType": "custom"}, {"status": "affected", "version": "1.8.0.0", "lessThan": "1.8.0.888", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-22T16:47:02.141Z"}}], "cna": {"title": "QuLog Center", "source": {"advisory": "QSA-24-46", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Dinh Ho Anh Khoa"}], "impacts": [{"capecId": "CAPEC-132", "descriptions": [{"lang": "en", "value": "CAPEC-132"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "QNAP Systems Inc.", "product": "QuLog Center", "versions": [{"status": "affected", "version": "1.7.x.x", "lessThan": "1.7.0.831 ( 2024/10/15 )", "versionType": "custom"}, {"status": "affected", "version": "1.8.x.x", "lessThan": "1.8.0.888 ( 2024/10/15 )", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "We have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.831 ( 2024/10/15 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later", "supportingMedia": [{"type": "text/html", "value": "We have already fixed the vulnerability in the following versions:<br>QuLog Center 1.7.0.831 ( 2024/10/15 ) and later<br>QuLog Center 1.8.0.888 ( 2024/10/15 ) and later<br>", "base64": false}]}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-24-46"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.831 ( 2024/10/15 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later", "supportingMedia": [{"type": "text/html", "value": "A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files.<br><br>We have already fixed the vulnerability in the following versions:<br>QuLog Center 1.7.0.831 ( 2024/10/15 ) and later<br>QuLog Center 1.8.0.888 ( 2024/10/15 ) and later<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-59", "description": "CWE-59"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2024-11-22T15:31:54.450Z"}}}, "cveMetadata": {"cveId": "CVE-2024-48862", "state": "PUBLISHED", "dateUpdated": "2024-11-22T16:47:06.193Z", "dateReserved": "2024-10-09T00:22:57.834Z", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "datePublished": "2024-11-22T15:31:54.450Z", "assignerShortName": "qnap"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qnap:qulog_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "19E405B4-079C-4AA3-8B9A-EA0327AB6953", "versionEndExcluding": "1.7.0.831", "versionStartIncluding": "1.7.0.800", "vulnerable": true}, {"criteria": "cpe:2.3:a:qnap:qulog_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7E8EFC1-F358-4C48-B881-CA5918B10170", "versionEndExcluding": "1.8.0.888", "versionStartIncluding": "1.8.0.872", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.831 ( 2024/10/15 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later"}, {"lang": "es", "value": "Se ha informado de una vulnerabilidad relacionada con el seguimiento de enlaces que afecta a QuLog Center. Si se explota, la vulnerabilidad podr\u00eda permitir a atacantes remotos atravesar el sistema de archivos hasta ubicaciones no deseadas y leer o sobrescribir el contenido de archivos inesperados. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QuLog Center 1.7.0.831 (2024/10/15) y posteriores QuLog Center 1.8.0.888 (2024/10/15) y posteriores"}], "id": "CVE-2024-48862", "lastModified": "2025-12-08T19:18:50.053", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@qnapsecurity.com.tw", "type": "Secondary"}]}, "published": "2024-11-22T16:15:28.623", "references": [{"source": "security@qnapsecurity.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.qnap.com/en/security-advisory/qsa-24-46"}], "sourceIdentifier": "security@qnapsecurity.com.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "security@qnapsecurity.com.tw", "type": "Secondary"}]}

{}

{}