Skip to main content

Quantastor

3 CVEs product

Monthly

CVE-2026-10880 CRITICAL PATCH Act Now

Authentication bypass via SQL injection in OSNexus QuantaStor SDS Manager allows unauthenticated remote attackers to log in as administrator by injecting crafted input into the login endpoint's username field. The flaw carries a CVSS 9.8 rating and grants full administrative control over the storage management plane without any valid credentials. No public exploit identified at time of analysis, though the vulnerability was disclosed by researchers at Black Lantern Security (BLSOPS).

SQLi Quantastor
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2017-9979 MEDIUM POC This Month

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quantastor
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.4%
CVE-2017-9978 MEDIUM POC THREAT This Month

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.4%.

Information Disclosure Quantastor
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
16.4%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Authentication bypass via SQL injection in OSNexus QuantaStor SDS Manager allows unauthenticated remote attackers to log in as administrator by injecting crafted input into the login endpoint's username field. The flaw carries a CVSS 9.8 rating and grants full administrative control over the storage management plane without any valid credentials. No public exploit identified at time of analysis, though the vulnerability was disclosed by researchers at Black Lantern Security (BLSOPS).

SQLi Quantastor
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quantastor
NVD Exploit-DB
EPSS 16% CVSS 5.3
MEDIUM POC THREAT This Month

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.4%.

Information Disclosure Quantastor
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy