CVE-2021-32515 - Vulnerability Details - OpenCVE

Description

Directory listing vulnerability in share_link in QSAN Storage Manager allows attackers to list arbitrary directories and further access credential information. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.

Published: 2021-07-07

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

QSAN

Storage Manager

affected

Version	Status	Constraints
`unspecified`	affected	≤ 3.3.1

Configuration 1 [-]

cpe:2.3:a:qsan:storage_manager:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

Vendor Solution

QSAN Storage Manager v3.3.3

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2021-19361	Directory listing vulnerability in share_link in QSAN Storage Manager allows attackers to list arbitrary directories and further access credential information. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00178.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.twcert.org.tw/tw/cp-132-4871-2a2d7-1.html

History

No history.

Subscriptions

Qsan Storage Manager

MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2021-07-07T14:11:53.717Z

Updated: 2024-09-17T01:31:03.172Z

Reserved: 2021-05-10T00:00:00.000Z

Link: CVE-2021-32515

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-07-07T14:15:10.753

Modified: 2024-11-21T06:07:10.887

Link: CVE-2021-32515

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-548

{"containers": {"cna": {"affected": [{"product": "Storage Manager", "vendor": "QSAN", "versions": [{"lessThanOrEqual": "3.3.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-07-07T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Directory listing vulnerability in share_link in QSAN Storage Manager allows attackers to list arbitrary directories and further access credential information. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-548", "description": "CWE-548 Information Exposure Through Directory Listing", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-22T10:32:37.000Z", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.twcert.org.tw/tw/cp-132-4871-2a2d7-1.html"}], "solutions": [{"lang": "en", "value": "QSAN Storage Manager v3.3.3"}], "source": {"advisory": "TVN-202104020", "discovery": "EXTERNAL"}, "title": "QSAN Storage Manager - Exposure of Information Through Directory Listing", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2021-07-07T11:33:00.000Z", "ID": "CVE-2021-32515", "STATE": "PUBLIC", "TITLE": "QSAN Storage Manager - Exposure of Information Through Directory Listing"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Storage Manager", "version": {"version_data": [{"version_affected": "<=", "version_value": "3.3.1"}]}}]}, "vendor_name": "QSAN"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory listing vulnerability in share_link in QSAN Storage Manager allows attackers to list arbitrary directories and further access credential information. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-548 Information Exposure Through Directory Listing"}]}]}, "references": {"reference_data": [{"name": "https://www.twcert.org.tw/tw/cp-132-4871-2a2d7-1.html", "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-4871-2a2d7-1.html"}]}, "solution": [{"lang": "en", "value": "QSAN Storage Manager v3.3.3"}], "source": {"advisory": "TVN-202104020", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:25:30.411Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.twcert.org.tw/tw/cp-132-4871-2a2d7-1.html"}]}]}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2021-32515", "datePublished": "2021-07-07T14:11:53.717Z", "dateReserved": "2021-05-10T00:00:00.000Z", "dateUpdated": "2024-09-17T01:31:03.172Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qsan:storage_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E61F3B8-8B79-4890-988A-233BB46D1162", "versionEndExcluding": "3.3.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory listing vulnerability in share_link in QSAN Storage Manager allows attackers to list arbitrary directories and further access credential information. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."}, {"lang": "es", "value": "La vulnerabilidad del listado de directorios en share_link en QSAN Storage Manager permite a los atacantes listar directorios arbitrarios y acceder a la informaci\u00f3n de las credenciales. La vulnerabilidad referida ha sido resuelta con la versi\u00f3n actualizada de QSAN Storage Manager versi\u00f3n v3.3.3"}], "id": "CVE-2021-32515", "lastModified": "2024-11-21T06:07:10.887", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2021-07-07T14:15:10.753", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-4871-2a2d7-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-4871-2a2d7-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-548"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}