Technical Severity
HIGHCVSS v3.1 Metrics
7.3
/ 10
Minimal Risk
Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitation Likelihood
EPSS Prediction
1.98
%
Predictive Probability
Percentile Rank
78.2
th
Documented as more likely to be exploited than 78.2% of known CVEs.
Detection Date
Mar 25, 2022
Remediation Due
Apr 15, 2022
CISA Catalog Active
Threat Analysis
QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information.
Remediation Directive
Apply updates per vendor instructions.