Vulnerabilities (CVE)

Filtered by vendor Starwindsoftware Subscribe

Filtered by product San

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-24552	1 Starwindsoftware	2 Nas, San	2023-08-08	10.0 HIGH	9.8 CRITICAL
A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges. This affects StarWind SAN and NAS v0.2 build 1633.
CVE-2022-24551	1 Starwindsoftware	2 Nas, San	2022-02-11	9.0 HIGH	8.8 HIGH
StarWind SAN and NAS before 0.2 build 1685 allows users to reset other users' passwords.