A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864.
References
Link | Resource |
---|---|
https://www.starwindsoftware.com/security/sw-20211215-0001/ | |
https://www.starwindsoftware.com/security/sw-20211512-0001/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
01 Sep 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864. |
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 |
14 Jan 2022, 20:57
Type | Values Removed | Values Added |
---|---|---|
First Time |
Starwind
Starwind san\&nas Starwind command Center |
|
References | (MISC) https://www.starwindsoftware.com/security/sw-20211512-0001/ - Vendor Advisory | |
CWE | CWE-269 | |
CPE | cpe:2.3:a:starwind:san\&nas:1578:*:*:*:*:*:*:* cpe:2.3:a:starwind:command_center:6864:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
04 Jan 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-04 16:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-45389
Mitre link : CVE-2021-45389
CVE.ORG link : CVE-2021-45389
JSON object : View
Products Affected
starwind
- command_center
- san\&nas
CWE
CWE-287
Improper Authentication