cvelist/2021/32xxx/CVE-2021-32523.json

{
    "CVE_data_meta": {
        "AKA": "TWCERT/CC",
        "ASSIGNER": "cve@cert.org.tw",
        "DATE_PUBLIC": "2021-07-07T12:19:00.000Z",
        "ID": "CVE-2021-32523",
        "STATE": "PUBLIC",
        "TITLE": "QSAN Storage Manager - Improper Authorization"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Storage Manager",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_value": "3.3.1"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "QSAN"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-285 Improper Authorization"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://www.twcert.org.tw/tw/cp-132-4879-01616-1.html",
                "refsource": "MISC",
                "url": "https://www.twcert.org.tw/tw/cp-132-4879-01616-1.html"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "Please refer to QSANS's recommended measures\n"
        }
    ],
    "source": {
        "advisory": "TVN-202104028",
        "discovery": "EXTERNAL"
    }
}