CVE-2021-45389
CRITICAL
StarWind Command Center and SAN&NAS - Improper Authentication via JWT Token Injection
Title source: llm
Description
A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager to bypass the authentication process and thereby escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://www.starwindsoftware.com/security/sw-20211512-0001/
Various Sources x_refsource_confirm
https://www.starwindsoftware.com/security/sw-20211215-0001/
Scores
CVSS v3
9.8
EPSS
0.0117
EPSS Percentile
63.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (2)
starwind/command_center
6864
starwind/san\&nas
1578
Published
Jan 04, 2022
Tracked Since
Feb 18, 2026