CVE-2021-32508 – QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileStreaming function
https://notcve.org/view.php?id=CVE-2021-32508
Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. La vulnerabilidad Absolute Path Traversal en FileStreaming en QSAN Storage Manager permite a los atacantes remotos autentificados acceder a archivos arbitrarios inyectando el Symbolic Link siguiendo el parámetro Url path. La referida vulnerabilidad ha sido resuelta con la versión actualizada de QSAN Storage Manager versión v3.3.3 • https://www.twcert.org.tw/tw/cp-132-4864-94df4-1.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVE-2021-32507 – QSAN Storage Manager - Absolute Path Traversal via FileDownload function
https://notcve.org/view.php?id=CVE-2021-32507
Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. La vulnerabilidad Absolute Path Traversal en FileDownload en QSAN Storage Manager permite a los atacantes remotos autentificados descargar archivos arbitrarios a través del parámetro Url path. La vulnerabilidad referida ha sido resuelta con la versión actualizada de QSAN Storage Manager versión v3.3.3 • https://www.twcert.org.tw/tw/cp-132-4863-57d4a-1.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-36: Absolute Path Traversal •
CVE-2021-32506 – QSAN Storage Manager - Absolute Path Traversal via GetImage function
https://notcve.org/view.php?id=CVE-2021-32506
Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3 . La vulnerabilidad Absolute Path Traversal en GetImage en QSAN Storage Manager permite a los atacantes remotos autentificados descargar archivos arbitrarios a través del parámetro Url path. La referida vulnerabilidad ha sido resuelta con la versión actualizada de QSAN Storage Manager versión v3.3.3 • https://www.twcert.org.tw/tw/cp-132-4862-f8b86-1.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-36: Absolute Path Traversal •