Lucene search

TwcertCVELIST:CVE-2021-32510

HistoryJul 07, 2021 - 2:11 p.m.

CVE-2021-32510 QSAN Storage Manager - Exposure of Information Through Directory Listing Following via Antivirus function

2021-07-0714:11:45

CWE-548

twcert

www.cve.org

qsan storage manager

directory listing

vulnerability

antivirus function

remote attackers

authenticated

fixed version

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

37.0%

JSON

QSAN Storage Manager through directory listing vulnerability in antivirus function allows remote authenticated attackers to list arbitrary directories by injecting file path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.

CNA Affected

[
  {
    "product": "Storage Manager",
    "vendor": "QSAN",
    "versions": [
      {
        "lessThanOrEqual": "3.3.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-4866-b820b-1.html

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

37.0%

JSON

Related for CVELIST:CVE-2021-32510