{"api_version":"1","generated_at":"2026-04-24T05:06:57+00:00","cve":"CVE-2021-32523","urls":{"html":"https://cve.report/CVE-2021-32523","api":"https://cve.report/api/cve/CVE-2021-32523.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-32523","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-32523"},"summary":{"title":"CVE-2021-32523","description":"Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document.","state":"PUBLIC","assigner":"cve@cert.org.tw","published_at":"2021-07-07 14:15:00","updated_at":"2022-08-04 15:42:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://www.twcert.org.tw/tw/cp-132-4879-01616-1.html","name":"N/A","refsource":"CONFIRM","tags":[],"title":"TWCERT/CC台灣電腦網路危機處理暨協調中心-QSAN Storage Manager - Improper Authorization","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-32523","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32523","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"32523","vulnerable":"1","versionEndIncluding":"3.3.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qsan","cpe5":"storage_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"AKA":"TWCERT/CC","ASSIGNER":"cve@cert.org.tw","DATE_PUBLIC":"2021-07-07T12:19:00.000Z","ID":"CVE-2021-32523","STATE":"PUBLIC","TITLE":"QSAN Storage Manager - Improper Authorization"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Storage Manager","version":{"version_data":[{"version_affected":"<=","version_value":"3.3.1"}]}}]},"vendor_name":"QSAN"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-285 Improper Authorization"}]}]},"references":{"reference_data":[{"name":"https://www.twcert.org.tw/tw/cp-132-4879-01616-1.html","refsource":"MISC","url":"https://www.twcert.org.tw/tw/cp-132-4879-01616-1.html"}]},"solution":[{"lang":"eng","value":"Please refer to QSANS's recommended measures\n"}],"source":{"advisory":"TVN-202104028","discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2021-07-07 14:15:00","lastModifiedDate":"2022-08-04 15:42:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:qsan:storage_manager:*:*:*:*:*:*:*:*","versionEndIncluding":"3.3.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"32523","Ordinal":"207908","Title":"CVE-2021-32523","CVE":"CVE-2021-32523","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"32523","Ordinal":"1","NoteData":"Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"32523","Ordinal":"2","NoteData":"2021-07-07","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"32523","Ordinal":"3","NoteData":"2021-07-22","Type":"Other","Title":"Modified"}]}}}