{"api_version":"1","generated_at":"2026-04-24T05:06:57+00:00","cve":"CVE-2021-32526","urls":{"html":"https://cve.report/CVE-2021-32526","api":"https://cve.report/api/cve/CVE-2021-32526.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-32526","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-32526"},"summary":{"title":"CVE-2021-32526","description":"Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager allows authenticated remote attackers to access arbitrary password files. Suggest contacting with QSAN and refer to recommendations in QSAN Document.","state":"PUBLIC","assigner":"cve@cert.org.tw","published_at":"2021-07-07 14:15:00","updated_at":"2021-09-20 12:35:00"},"problem_types":["CWE-732"],"metrics":[],"references":[{"url":"https://www.twcert.org.tw/tw/cp-132-4882-c0310-1.html","name":"N/A","refsource":"CONFIRM","tags":[],"title":"TWCERT/CC台灣電腦網路危機處理暨協調中心-QSAN Storage Manager - Incorrect Permission Assignment for Critical Resource","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-32526","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32526","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"32526","vulnerable":"1","versionEndIncluding":"3.3.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qsan","cpe5":"storage_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"AKA":"TWCERT/CC","ASSIGNER":"cve@cert.org.tw","DATE_PUBLIC":"2021-07-07T12:19:00.000Z","ID":"CVE-2021-32526","STATE":"PUBLIC","TITLE":"QSAN Storage Manager - Incorrect Permission Assignment for Critical Resource"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Storage Manager","version":{"version_data":[{"version_affected":"<=","version_value":"3.3.1"}]}}]},"vendor_name":"QSAN"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager allows authenticated remote attackers to access arbitrary password files. Suggest contacting with QSAN and refer to recommendations in QSAN Document."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-732 Incorrect Permission Assignment for Critical Resource"}]}]},"references":{"reference_data":[{"name":"https://www.twcert.org.tw/tw/cp-132-4882-c0310-1.html","refsource":"MISC","url":"https://www.twcert.org.tw/tw/cp-132-4882-c0310-1.html"}]},"solution":[{"lang":"eng","value":"QSAN Storage Manager v3.3.3"}],"source":{"advisory":"TVN-202104031","discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2021-07-07 14:15:00","lastModifiedDate":"2021-09-20 12:35:00","problem_types":["CWE-732"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:qsan:storage_manager:*:*:*:*:*:*:*:*","versionEndIncluding":"3.3.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"32526","Ordinal":"207911","Title":"CVE-2021-32526","CVE":"CVE-2021-32526","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"32526","Ordinal":"1","NoteData":"Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager allows authenticated remote attackers to access arbitrary password files. Suggest contacting with QSAN and refer to recommendations in QSAN Document.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"32526","Ordinal":"2","NoteData":"2021-07-07","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"32526","Ordinal":"3","NoteData":"2021-08-02","Type":"Other","Title":"Modified"}]}}}