Search

Security ID : QSA-20-03

Improper Access Control in Helpdesk

  • Release date : June 24, 2020

  • CVE identifier : CVE-2020-2500

  • Affected products: Helpdesk

Severity

Critical

Status

Resolved

Summary

This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and later versions.

Recommendation

To fix the vulnerability, we strongly recommend updating Helpdesk to the latest version.

Updating Helpdesk

  1. Log on to QTS as administrator.
  2. Open the App Center, and then click .
    A search box appears.
  3. Type “Helpdesk”, and then press ENTER.

    The Helpdesk application appears in the search result list.

  4. Click Update.

    A confirmation message appears.

    Note: The Update button is not available if you are using the latest version.

  5. Click OK.

    The application is updated.

Acknowledgements: Yoni Ramon, security researcher

Revision History: V1.0 (June 24, 2020) - Published

Wählen Sie die Spezifikation

      Mehr anzeigen Weniger

      Diese Seite in anderen Ländern / Regionen:

      open menu
      back to top