安全ID : QSA-24-36
Multiple Vulnerabilities in Notes Station 3
发布日期 : November 23, 2024
通用漏洞披露 : CVE-2024-38643 | CVE-2024-38644 | CVE-2024-38645 | CVE-2024-38646
受影响产品: Notes Station 3 version 3.9.x
严重程度
Important
状态
已解决
Summary
Multiple vulnerabilities have been reported to affect Notes Station 3:
- CVE-2024-38643: If exploited, the missing authentication for critical function vulnerability could allow remote attackers to gain access to the system.
- CVE-2024-38644: If exploited, the command injection vulnerability could allow remote attackers who have gained user access to execute arbitrary commands.
- CVE-2024-38645: If exploited, the server-side request forgery (SSRF) vulnerability could allow remote attackers who have gained user access to read application data.
- CVE-2024-38646: If exploited, the incorrect permission assignment for critical resource vulnerability could allow local attackers who have gained administrator access to gain unauthorized access to data.
We have already fixed the vulnerabilities in the following version:
| Affected Product | Fixed Version |
| Notes Station 3 version 3.9.x | Notes Station 3 version 3.9.7 and later |
Recommendation
To fix the vulnerabilities, we recommend updating Notes Station 3 to the latest version.
Updating Notes Station 3
- Log on to QTS or QuTS hero as an administrator.
- Open App Center and then click
.
A search box appears. - Type "Notes Station 3" and then press ENTER.
Notes Station 3 appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your Notes Station 3 is already up to date. - Click OK.
The application is updated.
附件
致谢: Thomas Fady
修订历史:
V1.0 (November 23, 2024) - Published
