1. Home
  2. CVE Database
  3. CVE-2024-53696
MEDIUM · 4.9

CVE-2024-53696

A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read a...

Vulnerability Description

A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.7.0.829 ( 2024/10/01 ) and later QuLog Center 1.8.0.888 ( 2024/10/15 ) and later QTS 4.5.4.2957 build 20241119 and later QuTS hero h4.5.4.2956 build 20241119 and later

CVSS Score

4.9

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
QnapQulog Center>= 1.7.0, < 1.7.0.829
QnapQts>= 4.5.1, < 4.5.4.2957
QnapQuts Hero>= h4.5.0, < h4.5.4.2476

Related Weaknesses (CWE)

CWE-918

References

FAQ

What is CVE-2024-53696?

CVE-2024-53696 is a vulnerability with a CVSS score of 4.9 (MEDIUM). A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read a...

How severe is CVE-2024-53696?

CVE-2024-53696 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-53696?

Check the references section above for vendor advisories and patch information. Affected products include: Qnap Qulog Center, Qnap Qts, Qnap Quts Hero.