Show plain JSON{"containers": {"cna": {"affected": [{"product": "Storage Manager", "vendor": "QSAN", "versions": [{"lessThanOrEqual": "3.3.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-07-07T00:00:00", "descriptions": [{"lang": "en", "value": "Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager allows authenticated remote attackers to access arbitrary password files. Suggest contacting with QSAN and refer to recommendations in QSAN Document."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-02T11:18:53", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.twcert.org.tw/tw/cp-132-4882-c0310-1.html"}], "solutions": [{"lang": "en", "value": "QSAN Storage Manager v3.3.3"}], "source": {"advisory": "TVN-202104031", "discovery": "EXTERNAL"}, "title": "QSAN Storage Manager - Incorrect Permission Assignment for Critical Resource", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2021-07-07T12:19:00.000Z", "ID": "CVE-2021-32526", "STATE": "PUBLIC", "TITLE": "QSAN Storage Manager - Incorrect Permission Assignment for Critical Resource"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Storage Manager", "version": {"version_data": [{"version_affected": "<=", "version_value": "3.3.1"}]}}]}, "vendor_name": "QSAN"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager allows authenticated remote attackers to access arbitrary password files. Suggest contacting with QSAN and refer to recommendations in QSAN Document."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}]}, "references": {"reference_data": [{"name": "https://www.twcert.org.tw/tw/cp-132-4882-c0310-1.html", "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-4882-c0310-1.html"}]}, "solution": [{"lang": "en", "value": "QSAN Storage Manager v3.3.3"}], "source": {"advisory": "TVN-202104031", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:25:29.927Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.twcert.org.tw/tw/cp-132-4882-c0310-1.html"}]}]}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2021-32526", "datePublished": "2021-07-07T14:12:11.318911Z", "dateReserved": "2021-05-10T00:00:00", "dateUpdated": "2024-09-16T16:24:00.799Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"} 
ReportizFlow
Vulnrichment
Redhat