PT-2025-10109 · Qnap · Qulog Center+2

Aymen Borgi

Published

2025-03-07

Updated

2025-12-06

CVE-2024-53696

CVSS v4.0

5.1

Medium

Vector

AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions QuLog Center versions prior to 1.7.0.829 QuLog Center versions prior to 1.8.0.888 QTS versions prior to 4.5.4.2957 build 20241119 QuTS hero versions prior to 4.5.4.2956 build 20241119

Description A server-side request forgery (SSRF) issue has been identified, which could allow remote attackers with administrator access to read application data.

Recommendations For QuLog Center versions prior to 1.7.0.829, update to version 1.7.0.829 or later. For QuLog Center versions prior to 1.8.0.888, update to version 1.8.0.888 or later. For QTS versions prior to 4.5.4.2957 build 20241119, update to version 4.5.4.2957 build 20241119 or later. For QuTS hero versions prior to 4.5.4.2956 build 20241119, update to version 4.5.4.2956 build 20241119 or later.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2024-53696

Affected Products

Qts

Qulog Center

Quts Hero

PT-2025-10109 · Qnap · Qulog Center+2

CVE-2024-53696

Weakness Enumeration

Related Identifiers

Affected Products

References · 7