C411E

Name of the Vulnerable Software and Affected Versions: Qsync Central versions prior to 4.4.0.16 Description: A link following vulnerability has been reported to affect Qsync Central, allowing remote attackers who have gained user access to traverse the file system to unintended locations. Recommendations: For versions prior to 4.4.0.16, update to Qsync Central 4.4.0.16 20240819 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.1.8.2823 build 20240712 QTS versions prior to 5.2.0.2802 build 20240620 QuTS hero versions prior to h5.1.8.2823 build 20240712 QuTS hero versions prior to h5.2.0.2802 build 20240620 **Description** The issue is related to a link following vulnerability that could allow remote attackers with user access to traverse the file system to unintended locations. This vulnerability may allow attackers to access sensitive files and execute arbitrary code, potentially leading to privilege escalation. **Recommendations** For QTS versions prior to 5.1.8.2823 build 20240712, update to QTS 5.1.8.2823 build 20240712 or later. For QTS versions prior to 5.2.0.2802 build 20240620, update to QTS 5.2.0.2802 build 20240620 or later. For QuTS hero versions prior to h5.1.8.2823 build 20240712, update to QuTS hero h5.1.8.2823 build 20240712 or later. For QuTS hero versions prior to h5.2.0.2802 build 20240620, update to QuTS hero h5.2.0.2802 build 20240620 or later.

**Name of the Vulnerable Software and Affected Versions** Qsync Central versions prior to 4.3.0.11 Qsync Central versions prior to 4.4.0.15 **Description** The issue is related to an incorrect permission assignment for a critical resource in Qsync Central. This could allow an authenticated user to read or modify the resource via a network. **Recommendations** For Qsync Central versions prior to 4.3.0.11, update to version 4.3.0.11 or later. For Qsync Central versions prior to 4.4.0.15, update to version 4.4.0.15 or later.