CVE-2021-29395

{"id": "CVE-2021-29395", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-02-04T19:15:07.883", "references": [{"url": "https://Ardent-Security.com", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://ardent-security.com/en/advisory/asa-2021-03/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application."}, {"lang": "es", "value": "Un Salto de Directorio en el archivo /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management versi\u00f3n 6.3, permite a usuarios remotos no autenticados descargar archivos arbitrarios, incluyendo el c\u00f3digo fuente JSP, a trav\u00e9s del sistema de archivos del host de la aplicaci\u00f3n web"}], "lastModified": "2022-02-08T19:41:12.950", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:globalnorthstar:northstar_club_management:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "269E5527-3ED0-4BE8-B661-77B0058EFBD7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}