PT-2022-3428 · QNAP · QTS +2
Enio Pena Navarro +1
Published: 2022-05-05 · Updated: 2023-11-14 · CVE-2021-44052
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions
QuTS hero versions prior to h4.5.4.1971 build 20220310
QuTS hero versions prior to h5.0.0.1986 build 20220324
QTS versions prior to 4.2.6 build 20220304
QTS versions prior to 4.3.3.1945 build 20220303
QTS versions prior to 4.3.4.1976 build 20220303
QTS versions prior to 4.3.6.1965 build 20220302
QTS versions prior to 4.5.4.1991 build 20220329
QTS versions prior to 5.0.0.1986 build 20220324
QuTScloud versions prior to c5.0.1.1998
Description
The issue is improper link resolution before file access (link following). A remote attacker can exploit it to traverse the file system to unintended locations and read or overwrite the contents of unexpected files, affecting the confidentiality and integrity of information.
Recommendations
For QuTS hero versions prior to h4.5.4.1971 build 20220310, update to QuTS hero h4.5.4.1971 build 20220310 or later.
For QuTS hero versions prior to h5.0.0.1986 build 20220324, update to QuTS hero h5.0.0.1986 build 20220324 or later.
For QTS versions prior to 4.2.6 build 20220304, update to QTS 4.2.6 build 20220304 or later.
For QTS versions prior to 4.3.3.1945 build 20220303, update to QTS 4.3.3.1945 build 20220303 or later.
For QTS versions prior to 4.3.4.1976 build 20220303, update to QTS 4.3.4.1976 build 20220303 or later.
For QTS versions prior to 4.3.6.1965 build 20220302, update to QTS 4.3.6.1965 build 20220302 or later.
For QTS versions prior to 4.5.4.1991 build 20220329, update to QTS 4.5.4.1991 build 20220329 or later.
For QTS versions prior to 5.0.0.1986 build 20220324, update to QTS 5.0.0.1986 build 20220324 or later.
For QuTScloud versions prior to c5.0.1.1998, update to QuTScloud c5.0.1.1998 or later.
Fix
Link Following
Weakness Enumeration
Related Identifiers
Affected Products
QTS
QuTS hero
QuTScloud