CVE-2021-32527
QSAN Storage Manager - Path Traversal-2
In short
A flaw in QSAN Storage Manager allows anyone on the internet to download any file from the server by manipulating the file path in the download function, without needing to log in.
Technical detail
The download function accepts unsanitized file path input from unauthenticated remote attackers (path traversal, CWE-22), enabling arbitrary file disclosure. An attacker needs only network access and a crafted request with traversal sequences (e.g., ../) to reach files outside the intended directory, compromising the confidentiality of sensitive data stored on the server.
Summary generated and translated by AI from the official description.
Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated attackers to download arbitrary files through injecting file path in download function. Suggest contacting QSAN and referring to the recommendations in the QSAN Document.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
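The CWE-22 pattern described above, shown as an added example that is not QSAN's code: a download handler that joins the requested path onto its base directory, beside a resolver that checks containment on the canonical path. The function names, the `share` directory and the file names are assumptions made for illustration.

```python
import os
import tempfile

def naive_resolve(base_dir, requested):
    # Vulnerable pattern: the requested path is joined straight onto the
    # base directory, so "../" or an absolute path leaves it.
    return os.path.normpath(os.path.join(base_dir, requested))

def safe_resolve(base_dir, requested):
    """Return the real path of `requested` inside `base_dir`, else None."""
    if "\x00" in requested:
        return None
    base_real = os.path.realpath(base_dir)
    # realpath collapses "../" and follows symlinks, so the containment
    # check is made on the file that would actually be opened.
    candidate = os.path.realpath(os.path.join(base_real, requested))
    if os.path.commonpath([base_real, candidate]) != base_real:
        return None
    return candidate if os.path.isfile(candidate) else None

def demo():
    # Constructed layout: <root>/share is the download directory,
    # <root>/secret.conf must never be served.
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        share = os.path.join(root, "share")
        os.mkdir(share)
        with open(os.path.join(share, "report.txt"), "w") as f:
            f.write("public")
        secret = os.path.join(root, "secret.conf")
        with open(secret, "w") as f:
            f.write("private")
        os.symlink(secret, os.path.join(share, "link"))
        cases = [
            ("plain", "report.txt"),
            ("traversal", "../secret.conf"),
            ("absolute", secret),
            ("symlink", "link"),
            ("dotdot-inside", "sub/../report.txt"),
        ]
        return [(label, naive_resolve(share, req), safe_resolve(share, req))
                for label, req in cases]

if __name__ == "__main__":
    for label, naive, safe in demo():
        print(f"{label:14} naive={naive} safe={safe}")
```

The symlink case passes a purely lexical check, which is why the containment test runs on the resolved path rather than on the request string.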
Affected products
QSAN · Storage Manager