{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"QuTS hero versions ant\u00e9rieures \u00e0 h4.5.1.1472 build 20201031","product":{"name":"QuTS hero","vendor":{"name":"Qnap","scada":false}}},{"description":"Photo Station pour QTS 4.5.1 et QTS 4.4.3 versions ant\u00e9rieures \u00e0 6.0.12","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"QTS versions ant\u00e9rieures \u00e0 4.3.6.1333 build 20200608","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"Photo Station pour QTS 4.3.4 versions ant\u00e9rieures \u00e0 5.7.13","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"QTS versions ant\u00e9rieures \u00e0 4.3.4.1368 build 20200703","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"QTS versions ant\u00e9rieures \u00e0 4.3.3.1315 build 20200611","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"Music Station pour QTS 4.5.1 et QTS 4.4.3 versions ant\u00e9rieures \u00e0 5.3.12","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"Photo Station pour QTS 4.3.3 versions ant\u00e9rieures \u00e0 5.4.10","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"Music Station pour QuTS hero h4.5.1 versions ant\u00e9rieures \u00e0 5.3.13","product":{"name":"QuTS hero","vendor":{"name":"Qnap","scada":false}}},{"description":"Photo Station pour QTS 4.2.6 versions ant\u00e9rieures \u00e0 5.2.11","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"QTS versions ant\u00e9rieures \u00e0 4.2.6 build 20200611","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"QTS versions ant\u00e9rieures \u00e0 4.4.3.1354 build 20200702","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"QTS versions ant\u00e9rieures \u00e0 4.5.1.1456 build 20201015","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"Multimedia Console versions ant\u00e9rieures \u00e0 1.1.5","product":{"name":"N/A","vendor":{"name":"Qnap","scada":false}}},{"description":"Photo Station pour QTS 4.3.6 versions ant\u00e9rieures \u00e0 5.7.12","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2020-2497","url":"https://www.cve.org/CVERecord?id=CVE-2020-2497"},{"name":"CVE-2019-7198","url":"https://www.cve.org/CVERecord?id=CVE-2019-7198"},{"name":"CVE-2020-2494","url":"https://www.cve.org/CVERecord?id=CVE-2020-2494"},{"name":"CVE-2020-2496","url":"https://www.cve.org/CVERecord?id=CVE-2020-2496"},{"name":"CVE-2020-2498","url":"https://www.cve.org/CVERecord?id=CVE-2020-2498"},{"name":"CVE-2020-2491","url":"https://www.cve.org/CVERecord?id=CVE-2020-2491"},{"name":"CVE-2020-2493","url":"https://www.cve.org/CVERecord?id=CVE-2020-2493"},{"name":"CVE-2020-2495","url":"https://www.cve.org/CVERecord?id=CVE-2020-2495"}],"links":[],"reference":"CERTFR-2020-AVI-793","revisions":[{"description":"Version initiale","revision_date":"2020-12-07T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans QNAP QTS et QuTS\nhero. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire et une injection de code indirecte \u00e0 distance (XSS).\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans QNAP QTS et QuTS hero","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 QNAP qsa-20-14 du 7 d\u00e9cembre 2020","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-20-14"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 QNAP qsa-20-12 du 7 d\u00e9cembre 2020","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-20-12"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 QNAP qsa-20-15 du 7 d\u00e9cembre 2020","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-20-15"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 QNAP qsa-20-13 du 7 d\u00e9cembre 2020","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-20-13"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 QNAP qsa-20-16 du 7 d\u00e9cembre 2020","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-20-16"}]}