Vulnerabilities > CVE-2021-32506 - Absolute Path Traversal vulnerability in Qsan Storage Manager

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

qsan

CWE-36

NVD

Published: 2021-07-07

Updated: 2021-09-20

Summary

Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3 .

Vulnerable Configurations

Part	Description	Count
Application	Qsan Qsan Storage Manager -	1

Common Weakness Enumeration (CWE)

CWE-36 - Absolute Path Traversal

References

https://www.twcert.org.tw/tw/cp-132-4862-f8b86-1.html