Vulnerabilities > Qstar > Archive Storage Manager > 3.0

DATE CVE VULNERABILITY TITLE RISK
2024-01-13 CVE-2023-51062 Missing Authentication for Critical Function vulnerability in Qstar Archive Storage Manager 30
An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents via executing a crafted command.
network
low complexity
qstar CWE-306
5.3
5.3
2024-01-13 CVE-2023-51063 Cross-site Scripting vulnerability in Qstar Archive Storage Manager 30
QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability within the component qnme-ajax?method=tree_level.
network
low complexity
qstar CWE-79
8.8
8.8
2024-01-13 CVE-2023-51064 Cross-site Scripting vulnerability in Qstar Archive Storage Manager 30
QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based reflected XSS vulnerability within the component qnme-ajax?method=tree_table.
network
low complexity
qstar CWE-79
6.1
6.1
2024-01-13 CVE-2023-51065 Unspecified vulnerability in Qstar Archive Storage Manager 30
Incorrect access control in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server.
network
low complexity
qstar
7.5
7.5
2024-01-13 CVE-2023-51066 Code Injection vulnerability in Qstar Archive Storage Manager 30
An authenticated remote code execution vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows attackers to arbitrarily execute commands.
network
low complexity
qstar CWE-94
8.8
8.8
2024-01-13 CVE-2023-51067 Cross-site Scripting vulnerability in Qstar Archive Storage Manager 30
An unauthenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link.
network
low complexity
qstar CWE-79
6.1
6.1
2024-01-13 CVE-2023-51068 Cross-site Scripting vulnerability in Qstar Archive Storage Manager 30
An authenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link.
network
low complexity
qstar CWE-79
5.4
5.4
2024-01-13 CVE-2023-51070 Unspecified vulnerability in Qstar Archive Storage Manager 30
An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server.
network
low complexity
qstar
7.5
7.5
2024-01-13 CVE-2023-51071 Unspecified vulnerability in Qstar Archive Storage Manager 30
An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by executing a specific command in a link.
network
low complexity
qstar
6.5
6.5