CVE-2024-38645 CRITICAL

CVE-2024-38645: Notes Station 3

Vendor Qnap Systems Inc.

Product Notes Station 3

Weakness CWE-918 · SSRF

Published November 22, 2024

Last update November 22, 2024

View on NVD All CVEs

CVSS base score

9.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to read application data. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later

Key dates

02Disclosure timeline

November 22, 2024 CVE published

November 22, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-38645

Related vulnerabilities

Identifiers

CVE CVE-2024-38645

CWE CWE-918

CVSS 9.4 / CRITICAL

Affected versions