An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later
History

Fri, 06 Dec 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Qnap
Qnap hbs 3
CPEs cpe:2.3:a:qnap:hbs_3:*:*:*:*:*:*:*:*
Vendors & Products Qnap
Qnap hbs 3
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 06 Dec 2024 16:45:00 +0000

Type Values Removed Values Added
Description An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later
Title HBS 3 Hybrid Backup Sync
Weaknesses CWE-77
CWE-78
References
Metrics cvssV4_0

{'score': 9.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: qnap

Published: 2024-12-06T16:35:07.434Z

Updated: 2024-12-06T19:59:55.053Z

Reserved: 2024-10-24T03:41:08.489Z

Link: CVE-2024-50388

cve-icon Vulnrichment

Updated: 2024-12-06T19:59:47.778Z

cve-icon NVD

Status : Received

Published: 2024-12-06T17:15:09.373

Modified: 2024-12-06T17:15:09.373

Link: CVE-2024-50388

cve-icon Redhat

No data.