Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-34358: CSRF Vulnerability in QmailAgent - Security Advisory

We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later

CVE
#csrf#vulnerability#web

<< Back to Security Advisory List

  • Release date: November 19, 2021
  • Security ID: QSA-21-49
  • Severity: Medium
  • CVE identifier: CVE-2021-34358
  • Affected products: QNAP NAS running QmailAgent
  • Status: Resolved

Summary

A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP NAS running QmailAgent. If exploited, this vulnerability allows remote attackers to trick a victim into performing unintended actions on the web application while the victim is logged in.

We have already fixed this vulnerability in the following versions of QmailAgent:

  • QmailAgent 3.0.2 (2021/08/25) and later

Recommendation

To fix the vulnerability, we recommend updating QmailAgent to the latest version.

Updating QmailAgent

  1. Log on to QTS or QuTS hero as administrator.
  2. Open the App Center and then click .
    A search box appears.
  3. Type “QmailAgent” and then press ENTER.
    QmailAgent appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your QmailAgent is already up to date.
  5. Click OK.
    The application is updated.

Acknowledgements: Tony Martin, a security researcher

Revision History: V1.0 (November 19, 2021) - Published

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907