Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-24551 | 1 Starwindsoftware | 2 Nas, San | 2022-08-31 | 9.0 HIGH | 8.8 HIGH |
A flaw was found in StarWind Stack. The endpoint for setting a new password doesn’t check the current username and old password. An attacker could reset any local user password (including system/administrator user) using any available user This affects StarWind SAN and NAS v0.2 build 1633. | |||||
CVE-2022-24552 | 1 Starwindsoftware | 2 Nas, San | 2022-08-31 | 10.0 HIGH | 9.8 CRITICAL |
A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges. This affects StarWind SAN and NAS v0.2 build 1633. |