CVE-2020-2509

Name of the Vulnerable Software and Affected Versions QTS versions prior to 4.5.2.1566 Build 20210202 QTS versions prior to 4.5.1.1495 Build 20201123 QTS versions prior to 4.3.6.1620 Build 20210322 QTS versions prior to 4.3.4.1632 Build 20210324 QTS versions prior to 4.3.3.1624 Build 20210416 QTS versions prior to 4.2.6 Build 20210327 QuTS hero versions prior to h4.5.1.1491 build 20201119

Description A command injection vulnerability has been reported to affect QTS and QuTS hero, allowing attackers to execute arbitrary commands in a compromised application by sending a special HTTP request. This vulnerability is related to the lack of measures to neutralize special elements used in operating system commands.

Recommendations For QTS versions prior to 4.5.2.1566 Build 20210202, update to QTS 4.5.2.1566 Build 20210202 or later. For QTS versions prior to 4.5.1.1495 Build 20201123, update to QTS 4.5.1.1495 Build 20201123 or later. For QTS versions prior to 4.3.6.1620 Build 20210322, update to QTS 4.3.6.1620 Build 20210322 or later. For QTS versions prior to 4.3.4.1632 Build 20210324, update to QTS 4.3.4.1632 Build 20210324 or later. For QTS versions prior to 4.3.3.1624 Build 20210416, update to QTS 4.3.3.1624 Build 20210416 or later. For QTS versions prior to 4.2.6 Build 20210327, update to QTS 4.2.6 Build 20210327 or later. For QuTS hero versions prior to h4.5.1.1491 build 20201119, update to QuTS hero h4.5.1.1491 build 20201119 or later.