CVE-2024-38645

A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to read application data.

We have already fixed the vulnerability in the following version:
Notes Station 3 3.9.7 and later
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
qnapCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
Common Weakness Enumeration
References
https://www.qnap.com/en/security-advisory/qsa-24-36