Every CVE whose affected-product data names Osnexus Quantastor, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2021-4406 — CVSS 9.1 (critical): An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC * go to the alert manager * open the ITSM tab *…
CVE-2021-42081 — CVSS 9.1 (critical): An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API. POC http://<IP_ADDRESS>/qstorapi/storage…
CVE-2021-42083 — CVSS 8.7 (high): An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC * go to the alert manager * open the ITSM tab *…
CVE-2021-42082 — CVSS 7.8 (high): Local users are able to execute scripts under root privileges. POC On the local host run the following command: curl 'localhost:8154/qstor/q…
CVE-2021-42080 — CVSS 7.4 (high): An attacker is able to launch a Reflected XSS attack using a crafted URL. POC: Visit the following URL https://<IPADDRESS>:8153/qstorapi/ech…
CVE-2021-42079 — CVSS 6.2 (medium): An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests…
CVE-2017-9979 — CVSS 6.1 (medium): On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing…
CVE-2017-9978 — CVSS 5.3 (medium): On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that…