CVE-2021-35975

An absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in the GET parameter "file" in the URL. Other affected components in the same product: HTTP Adapter (up to v.1.8.0.15), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05), FIX Adapter (up to v.2.4.0.25).

References
Link: https://github.com/fbkcs/CVE-2021-35975
Resource: Exploit, Third Party Advisory

Configurations

Configuration 1

OR
cpe:2.3:a:systematica:financial_calculator:*:*:*:*:*:*:*:*
cpe:2.3:a:systematica:fix_adapter:*:*:*:*:*:*:*:*
cpe:2.3:a:systematica:http_adapter:*:*:*:*:*:*:*:*
cpe:2.3:a:systematica:mssql_messagebus_proxy:*:*:*:*:*:*:*:*
cpe:2.3:a:systematica:radius:*:*:*:*:*:*:*:*
cpe:2.3:a:systematica:smtp_adapter:*:*:*:*:*:*:*:*

History

11 Dec 2023, 15:34

CWE
  Values Removed: (none)
  Values Added: CWE-22

First Time
  Values Removed: (none)
  Values Added:
    Systematica radius
    Systematica http Adapter
    Systematica
    Systematica smtp Adapter
    Systematica mssql Messagebus Proxy
    Systematica fix Adapter
    Systematica financial Calculator

CPE
  Values Removed: (none)
  Values Added:
    cpe:2.3:a:systematica:fix_adapter:*:*:*:*:*:*:*:*
    cpe:2.3:a:systematica:smtp_adapter:*:*:*:*:*:*:*:*
    cpe:2.3:a:systematica:radius:*:*:*:*:*:*:*:*
    cpe:2.3:a:systematica:mssql_messagebus_proxy:*:*:*:*:*:*:*:*
    cpe:2.3:a:systematica:http_adapter:*:*:*:*:*:*:*:*
    cpe:2.3:a:systematica:financial_calculator:*:*:*:*:*:*:*:*

References
  Values Removed: () https://github.com/fbkcs/CVE-2021-35975 -
  Values Added: () https://github.com/fbkcs/CVE-2021-35975 - Exploit, Third Party Advisory

CVSS
  Values Removed: v2 : unknown, v3 : unknown
  Values Added: v2 : unknown, v3 : 5.3

30 Nov 2023, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-30 22:15

Updated : 2024-02-28 20:54


NVD link : CVE-2021-35975

Mitre link : CVE-2021-35975

CVE.ORG link : CVE-2021-35975

Products Affected

systematica

  • mssql_messagebus_proxy
  • http_adapter
  • financial_calculator
  • fix_adapter
  • radius
  • smtp_adapter

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')