PT-2022-3433 · QNAP · QTS +3

Guido Giles +4 · Published 2022-05-05 · Updated 2022-05-13 · CVE-2021-38693

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

QuTScloud versions prior to c5.0.1.1949
QuTS hero versions prior to h5.0.0.1949 build 20220215 and h4.5.4.1951 build 20220218
QTS versions prior to 5.0.0.1986 build 20220324 and 4.5.4.1991 build 20220329
QVR Pro Appliance (affected versions not specified)

Description

A path traversal vulnerability has been reported, allowing attackers to read the contents of unexpected files and expose sensitive data. The issue is related to insufficient directory path name restrictions in the QTS and QuTS hero operating systems. If exploited, this vulnerability can allow a remote attacker to impact the confidentiality of information.

Recommendations

For QuTScloud versions prior to c5.0.1.1949, update to QuTScloud c5.0.1.1949 or later.
For QuTS hero versions prior to h5.0.0.1949 build 20220215, update to QuTS hero h5.0.0.1949 build 20220215 or later.
For QuTS hero versions prior to h4.5.4.1951 build 20220218, update to QuTS hero h4.5.4.1951 build 20220218 or later.
For QTS versions prior to 5.0.0.1986 build 20220324, update to QTS 5.0.0.1986 build 20220324 or later.
For QTS versions prior to 4.5.4.1991 build 20220329, update to QTS 4.5.4.1991 build 20220329 or later.
For QVR Pro Appliance, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2022-04211
CVE-2021-38693

Affected Products

QTS
QVR Pro Appliance
QuTS hero
QuTScloud