A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864.
References
Link | Resource |
---|---|
https://www.starwindsoftware.com/security/sw-20211215-0001/ | |
https://www.starwindsoftware.com/security/sw-20211512-0001/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2022-01-04 16:15
Updated : 2024-02-28 18:48
NVD link : CVE-2021-45389
Mitre link : CVE-2021-45389
CVE.ORG link : CVE-2021-45389
JSON object : View
Products Affected
starwind
- san\&nas
- command_center
CWE
CWE-287
Improper Authentication