2 vulnerabilities found for ragic_cloud_db by qnap
CVE-2021-38681 (GCVE-0-2021-38681)
Vulnerability from nvd – Published: 2021-11-20 01:05 – Updated: 2024-09-16 22:30
Title
Reflected XSS Vulnerability in Ragic Cloud DB
Summary
A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic.
Severity
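5.3 (Medium) – CVSS 3.1 vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N (network attack vector, high attack complexity, no privileges required, user interaction required)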
CWE
CWE-79
Assigner
qnap
References
1 reference
| URL | Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/qsa-21-48 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Negocios | Ragic Cloud DB | Affected: unspecified, ≤ 3.7.0.1 (custom) |
Date Public
2021-11-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:19.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-48"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ragic Cloud DB",
"vendor": "Negocios",
"versions": [
{
"lessThanOrEqual": "3.7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-20T01:05:12.000Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-48"
}
],
"source": {
"advisory": "QSA-21-48",
"discovery": "EXTERNAL"
},
"title": "Reflected XSS Vulnerability in Ragic Cloud DB",
"workarounds": [
{
"lang": "en",
"value": "QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic. To secure your device, we recommend uninstalling Ragic Cloud DB until a security patch is available."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-11-18T23:43:00.000Z",
"ID": "CVE-2021-38681",
"STATE": "PUBLIC",
"TITLE": "Reflected XSS Vulnerability in Ragic Cloud DB"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ragic Cloud DB",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.7.0.1"
}
]
}
}
]
},
"vendor_name": "Negocios"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-21-48",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-48"
}
]
},
"source": {
"advisory": "QSA-21-48",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic. To secure your device, we recommend uninstalling Ragic Cloud DB until a security patch is available."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-38681",
"datePublished": "2021-11-20T01:05:12.456Z",
"dateReserved": "2021-08-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:30:22.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38681 (GCVE-0-2021-38681)
Vulnerability from cvelistv5 – Published: 2021-11-20 01:05 – Updated: 2024-09-16 22:30
Title
Reflected XSS Vulnerability in Ragic Cloud DB
Summary
A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic.
Severity
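5.3 (Medium) – CVSS 3.1 vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N (network attack vector, high attack complexity, no privileges required, user interaction required)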
CWE
CWE-79
Assigner
qnap
References
1 reference
| URL | Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/qsa-21-48 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Negocios | Ragic Cloud DB | Affected: unspecified, ≤ 3.7.0.1 (custom) |
Date Public
2021-11-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:19.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-48"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ragic Cloud DB",
"vendor": "Negocios",
"versions": [
{
"lessThanOrEqual": "3.7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-20T01:05:12.000Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-48"
}
],
"source": {
"advisory": "QSA-21-48",
"discovery": "EXTERNAL"
},
"title": "Reflected XSS Vulnerability in Ragic Cloud DB",
"workarounds": [
{
"lang": "en",
"value": "QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic. To secure your device, we recommend uninstalling Ragic Cloud DB until a security patch is available."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-11-18T23:43:00.000Z",
"ID": "CVE-2021-38681",
"STATE": "PUBLIC",
"TITLE": "Reflected XSS Vulnerability in Ragic Cloud DB"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ragic Cloud DB",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.7.0.1"
}
]
}
}
]
},
"vendor_name": "Negocios"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-21-48",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-48"
}
]
},
"source": {
"advisory": "QSA-21-48",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic. To secure your device, we recommend uninstalling Ragic Cloud DB until a security patch is available."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-38681",
"datePublished": "2021-11-20T01:05:12.456Z",
"dateReserved": "2021-08-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:30:22.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}