Unrated severityNVD Advisory· Published Jul 1, 2020· Updated Aug 4, 2024
CVE-2020-2500
CVE-2020-2500
Description
This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and later versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- QNAP Systems Inc./Helpdeskv5Range: unspecified
Patches
Vulnerability mechanics
References
1- www.qnap.com/zh-tw/security-advisory/qsa-20-03mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.