CVE-2023-47564
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
02/02/2024
Last modified:
09/02/2024
Description
An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network.<br />
<br />
We have already fixed the vulnerability in the following versions:<br />
Qsync Central 4.4.0.15 ( 2024/01/04 ) and later<br />
Qsync Central 4.3.0.11 ( 2024/01/11 ) and later<br />
Impact
Base Score 3.x
8.10
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:qnap:qsync_central:*:*:*:*:*:*:*:* | 4.3.0.0 (including) | 4.3.0.11 (excluding) |
cpe:2.3:a:qnap:qsync_central:*:*:*:*:*:*:*:* | 4.4.0.0 (including) | 4.4.0.15 (excluding) |
To consult the complete list of CPE names with products and versions, see this page