Security ID : NAS-201804-27

Security Advisory for XSS Vulnerabiltiy in QTS


  • Release date : April 27, 2018

  • CVE identifier : CVE-2018-0711

  • Affected products: QTS 4.3.3: build 20180126 and earlier versions
    QTS 4.3.4: build 20180315 and earlier versions

Severity

Moderate

Status

Resolved


Summary

A cross-site scripting vulnerability has been reported to affect QTS 4.3.3 build 20180126, 4.3.4 build 20180315, and earlier versions.

If successfully exploited, the vulnerability may allow remote attackers to inject malicious code in the application.

We have already fixed this issue in the following QTS versions.

  • QTS 4.3.3: build 20180402 and later
  • QTS 4.3.4: build 20180413 and later

Recommendation

To fix these vulnerabilities, you must update QTS to the following versions.

  • QTS 4.3.3: build 20180402 or later
  • QTS 4.3.4: build 20180413 or later

Installing the QTS Update

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
    QTS downloads and installs the latest available update.

 

Acknowledgements: louys, Xie Wei(解炜)and Li Yanlong(李衍龙)

Revision History: V1.0 (April 27, 2018) - Published

Wählen Sie die Spezifikation

      Mehr anzeigen Weniger

      Diese Seite in anderen Ländern / Regionen:

      open menu
      back to top