GCVE - cpe:2.3:a:qnap_systems_inc.:helpdesk:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:qnap_systems_inc.:helpdesk:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Qnap Systems Inc. (`1f66ac1e-0889-51bf-b27f-24c7175e5920`)
Product	Helpdesk (`9b79160c-1875-5e89-a2e1-16bed685973b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-50394`	vulnerable	2026-06-03 14:57:24.166591	Helpdesk An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: Helpdesk 3.3.3 and later Published: 2025-03-07T16:13:11.034Z Updated: 2025-03-07T18:02:58.278Z Open on db.gcve.eu Reference links https://www.qnap.com/en/security-advisory/qsa-25-05	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-27125`	vulnerable	2026-06-03 14:55:16.681287	Helpdesk LOW (3.5) A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following version: Helpdesk 3.3.1 and later Published: 2024-09-06T16:27:17.757Z Updated: 2024-09-06T17:33:18.291Z Open on db.gcve.eu Reference links https://www.qnap.com/en/security-advisory/qsa-24-29	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-28814`	vulnerable	2026-06-03 14:44:18.826838	Improper Access Control Vulnerability in Helpdesk HIGH (8.8) An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.4. Published: 2021-06-11T06:35:15.709Z Updated: 2024-09-17T03:58:40.524Z Open on db.gcve.eu Reference links https://www.qnap.com/zh-tw/security-advisory/qsa-21-25	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-2507`	vulnerable	2026-06-03 14:42:30.466106	command injection vulnerability in Helpdesk CRITICAL (9.8) The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3. Published: 2021-02-03T15:51:16.772Z Updated: 2024-09-16T19:40:15.957Z Open on db.gcve.eu Reference links https://www.qnap.com/zh-tw/security-advisory/qsa-20-08	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-2506`	vulnerable	2026-06-03 14:42:30.465762	improper access control vulnerability in Helpdesk HIGH (7.3) The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3. Published: 2021-02-03T15:51:38.031Z Updated: 2025-10-21T23:35:29.111Z Open on db.gcve.eu Reference links https://www.qnap.com/zh-tw/security-advisory/qsa-20-08	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-2500`	vulnerable	2026-06-03 14:42:30.456077	Details available CRITICAL (9.8) This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and later versions. Published: 2020-07-01T15:53:50.000Z Updated: 2024-08-04T07:09:54.662Z Open on db.gcve.eu Reference links https://www.qnap.com/zh-tw/security-advisory/qsa-20-03	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-19948`	vulnerable	2026-06-03 14:38:29.902476	Details available LOW (2) The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. Published: 2020-09-11T14:12:56.000Z Updated: 2024-08-05T11:51:17.945Z Open on db.gcve.eu Reference links https://www.qnap.com/zh-tw/security-advisory/qsa-20-05	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-19947`	vulnerable	2026-06-03 14:38:29.902123	Details available MEDIUM (4.3) The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. Published: 2020-09-11T14:14:21.000Z Updated: 2024-08-05T11:51:17.675Z Open on db.gcve.eu Reference links https://www.qnap.com/zh-tw/security-advisory/qsa-20-05	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-19946`	vulnerable	2026-06-03 14:38:29.901122	Details available MEDIUM (4.2) The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. Published: 2020-09-11T14:14:45.000Z Updated: 2024-08-05T11:51:17.920Z Open on db.gcve.eu Reference links https://www.qnap.com/zh-tw/security-advisory/qsa-20-05	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.