Security ID: QSA-21-49
CSRF Vulnerability in QmailAgent
Release date: November 19, 2021
CVE identifier: CVE-2021-34358
Affected products: QNAP NAS running QmailAgent
Severity: Moderate
Status: Resolved
Summary
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP NAS running QmailAgent. If exploited, this vulnerability allows remote attackers to trick a victim into performing unintended actions on the web application while the victim is logged in.
We have already fixed this vulnerability in the following versions of QmailAgent:
- QmailAgent 3.0.2 (2021/08/25) and later
Recommendation
To fix the vulnerability, we recommend updating QmailAgent to the latest version.
Updating QmailAgent
- Log on to QTS or QuTS hero as administrator.
- Open the App Center and then click the search icon.
  A search box appears.
- Type "QmailAgent" and then press ENTER.
  QmailAgent appears in the search results.
- Click Update.
  A confirmation message appears.
  Note: The Update button is not available if your QmailAgent is already up to date.
- Click OK.
  The application is updated.
Acknowledgements: Tony Martin, a security researcher
Revision history: V1.0 (November 19, 2021) - Published