CVE-2024-50394

EUVD-2024-54222
An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.

We have already fixed the vulnerability in the following version:
Helpdesk 3.3.3 and later
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Affected Products (NVD)
VendorProductVersion
qnaphelpdesk
3.3.1 ≤
𝑥
< 3.3.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.qnap.com/en/security-advisory/qsa-25-05