Lucene search

TwcertCVELIST:CVE-2021-32528

HistoryJul 07, 2021 - 12:00 a.m.

CVE-2021-32528 QSAN Storage Manager - Exposure of Sensitive Information to an Unauthorized Actor

2021-07-0700:00:00

CWE-200

twcert

www.cve.org

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.5%

JSON

Observable behavioral discrepancy vulnerability in QSAN Storage Manager allows remote attackers to obtain the system information without permissions. Suggest contacting with QSAN and refer to recommendations in QSAN Document.

CNA Affected

[
  {
    "product": "Storage Manager",
    "vendor": "QSAN",
    "versions": [
      {
        "lessThan": "3.3.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-4884-fd4cb-1.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.5%

JSON

Related for CVELIST:CVE-2021-32528