PT-2021-19742 · Qsan · Qsan Storage Manager
Published
2021-07-07
·
Updated
2022-08-04
·
CVE-2021-32517
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
QSAN Storage Manager versions prior to 3.3.3
Description:
The issue is related to improper access control in the share link feature of QSAN Storage Manager, allowing remote attackers to download arbitrary files by exploiting a particular parameter in the download function.
Recommendations:
For versions prior to 3.3.3, update to version 3.3.3 to resolve the issue. As a temporary workaround, consider restricting access to the download function or the share link feature until the update is applied.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qsan Storage Manager