What is CVE-2018-19947?

CVE-2018-19947 is a medium-severity vulnerability in Qnap Systems Inc. Helpdesk, classified under Information Disclosure. CVSS score: 4.3/10. Published 2020-09-11.

How severe is CVE-2018-19947?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Is CVE-2018-19947 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Qnap Systems Inc. Helpdesk

CVE-2018-19947

The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.

Vulnerability class: Information Disclosure

EPSS: 0.003 (54.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Qnap Systems Inc. Helpdesk — versions unspecified

Weakness classification (CWE)

Public proof-of-concept exploits

404notf0und/CVE-Flow

References

www.qnap.com/zh-tw/security-advisory/qsa-20-05 (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-19947?: CVE-2018-19947 is a medium-severity vulnerability in Qnap Systems Inc. Helpdesk, classified under Information Disclosure. CVSS score: 4.3/10. Published 2020-09-11.
How severe is CVE-2018-19947?: Medium severity. CVSS v3 base score is 4.3 out of 10.
Is CVE-2018-19947 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.