CVE-2021-32508

Name of the Vulnerable Software and Affected Versions: QSAN Storage Manager versions prior to 3.3.3

Description: The issue allows remote authenticated attackers to access arbitrary files by injecting a Symbolic Link following the Url path parameter in the FileStreaming component. This enables attackers to traverse the file system and access files that would otherwise be restricted.

Recommendations: For versions prior to 3.3.3, update to version 3.3.3 to resolve the issue. As a temporary workaround, consider restricting access to the FileStreaming component until the update can be applied. Avoid using the Url path parameter in the affected FileStreaming component until the issue is resolved.