Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in the GET parameter "file" in the URL. Other affected components in the same product: HTTP Adapter (up to v.1.8.0.15), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05), FIX Adapter (up to v.2.4.0.25).
References
Link | Resource |
---|---|
https://github.com/fbkcs/CVE-2021-35975 | Exploit Third Party Advisory |
History
11 Dec 2023, 15:34
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-22 | |
First Time | Systematica radius, Systematica http Adapter, Systematica, Systematica smtp Adapter, Systematica mssql Messagebus Proxy, Systematica fix Adapter, Systematica financial Calculator | |
CPE | cpe:2.3:a:systematica:fix_adapter:*:*:*:*:*:*:*:*, cpe:2.3:a:systematica:smtp_adapter:*:*:*:*:*:*:*:*, cpe:2.3:a:systematica:radius:*:*:*:*:*:*:*:*, cpe:2.3:a:systematica:mssql_messagebus_proxy:*:*:*:*:*:*:*:*, cpe:2.3:a:systematica:http_adapter:*:*:*:*:*:*:*:*, cpe:2.3:a:systematica:financial_calculator:*:*:*:*:*:*:*:* | |
References | https://github.com/fbkcs/CVE-2021-35975 - Exploit, Third Party Advisory | |
CVSS | v2 : v3 : | v2 : unknown v3 : 5.3 |
30 Nov 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-30 22:15
Updated : 2024-02-28 20:54
NVD link : CVE-2021-35975
Mitre link : CVE-2021-35975
CVE.ORG link : CVE-2021-35975
Products Affected
systematica
- mssql_messagebus_proxy
- http_adapter
- financial_calculator
- fix_adapter
- radius
- smtp_adapter
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')