Описание
Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3 .
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.3.3 (исключая)
cpe:2.3:a:qsan:storage_manager:*:*:*:*:*:*:*:*
EPSS
Процентиль: 46%
0.00235
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-36
CWE-22
Связанные уязвимости
github
больше 3 лет назад
Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter.
EPSS
Процентиль: 46%
0.00235
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-36
CWE-22