"-Synchronized-Data."

2025-07-29 05:56:59 +00:00 · 2022-09-01 00:00:33 +00:00 · 2022-09-01 00:00:33 +00:00 · 72189bf97b
commit 72189bf97b
parent fb408377ab
2 changed files with 12 additions and 2 deletions
--- a/2021/45xxx/CVE-2021-45389.json
+++ b/2021/45xxx/CVE-2021-45389.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "StarWind SAN & NAS build 1578 and StarWind Command Center Build 6864 Update Manager allows authentication with JTW token which is signed with any key. An attacker could use self-signed JTW token to bypass authentication resulting in escalation of privileges."
+                "value": "A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864."
            }
        ]
    },
@ -56,6 +56,11 @@
                "url": "https://www.starwindsoftware.com/security/sw-20211512-0001/",
                "refsource": "MISC",
                "name": "https://www.starwindsoftware.com/security/sw-20211512-0001/"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://www.starwindsoftware.com/security/sw-20211215-0001/",
+                "url": "https://www.starwindsoftware.com/security/sw-20211215-0001/"
            }
        ]
    }
--- a/2022/24xxx/CVE-2022-24551.json
+++ b/2022/24xxx/CVE-2022-24551.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "StarWind SAN and NAS before 0.2 build 1685 allows users to reset other users' passwords."
+                "value": "A flaw was found in StarWind Stack. The endpoint for setting a new password doesn\u2019t check the current username and old password. An attacker could reset any local user password (including system/administrator user) using any available user This affects StarWind SAN and NAS v0.2 build 1633."
            }
        ]
    },
@ -56,6 +56,11 @@
                "url": "https://www.starwindsoftware.com/security/sw-20220204-0001/",
                "refsource": "MISC",
                "name": "https://www.starwindsoftware.com/security/sw-20220204-0001/"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://www.starwindsoftware.com/security/sw-20220204-0001/",
+                "url": "https://www.starwindsoftware.com/security/sw-20220204-0001/"
            }
        ]
    }