CVE-2021-42853

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDiagnosticServlet has directory traversal vulnerability at the "/api/appInternals/1.0/agent/diagnostic/logs" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:10.0.0:*:*:*:*:*:*:*

History

21 Nov 2024, 06:28

Type Values Removed Values Added
CVSS v2 : 7.5
v3 : 9.8
v2 : 7.5
v3 : 9.1
References () https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Delete-Read-at-AgentDiagnosticServlet-CVE-2021-42853 - Third Party Advisory () https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Delete-Read-at-AgentDiagnosticServlet-CVE-2021-42853 - Third Party Advisory

Information

Published : 2022-03-10 17:44

Updated : 2024-11-21 06:28


NVD link : CVE-2021-42853

Mitre link : CVE-2021-42853

CVE.ORG link : CVE-2021-42853


JSON object : View

Products Affected

riverbed

  • steelcentral_appinternals_dynamic_sampling_agent
CWE
CWE-20

Improper Input Validation

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')