CVE-2021-42081
Authenticated Remote Command Execution vulnerability in OSNEXUS QuantaStor before 6.0.0.355
| CVE | CVE-2021-42081 | |||||||||||
| Title | Authenticated Remote Command Execution vulnerability in OSNEXUS QuantaStor before 6.0.0.355 | |||||||||||
| Credits |
|
|||||||||||
| Affected products |
|
|||||||||||
| CVSS |
Base score:
9.1
(CRITICAL) |
|||||||||||
| References |
|
|||||||||||
| Problem type(s) | CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | |||||||||||
| Date published | ||||||||||||
| Last modified | 10 Jul 2023 06:29 UTC |
Description
An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.
Solution(s)
Upgrade to the latest version of OSNEXUS QuantaStor.
JSON version.