Exposure of Information Through Directory Listing

CVE-2021-32510

Medium

4.3/10

Summary

QSAN Storage Manager through directory listing vulnerability in antivirus function allows remote authenticated attackers to list arbitrary directories by injecting file path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-548 - Exposure of Information Through Directory Listing

A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.

References

Advisory Timeline

Published Jul 07, 2021

Exposure of Information Through Directory Listing

CVE-2021-32510

Summary

CWE-548 - Exposure of Information Through Directory Listing

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS