CVE-2021-32981

AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:aveva:system_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:*
cpe:2.3:a:aveva:system_platform:2020:r2:*:*:*:*:*:*
cpe:2.3:a:aveva:system_platform:2020:r2_p01:*:*:*:*:*:*

History

No history.

Information

Published : 2022-04-04 20:15

Updated : 2024-02-28 19:09


NVD link : CVE-2021-32981

Mitre link : CVE-2021-32981

CVE.ORG link : CVE-2021-32981


JSON object : View

Products Affected

aveva

  • system_platform
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')