CVE-2021-42853

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDiagnosticServlet has directory traversal vulnerability at the "/api/appInternals/1.0/agent/diagnostic/logs" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:10.0.0:*:*:*:*:*:*:*

History

15 Mar 2022, 17:31

Type Values Removed Values Added
CPE cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:10.0.0:*:*:*:*:*:*:*
References (CONFIRM) https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Delete-Read-at-AgentDiagnosticServlet-CVE-2021-42853 - (CONFIRM) https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Delete-Read-at-AgentDiagnosticServlet-CVE-2021-42853 - Third Party Advisory
CWE CWE-22
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8

10 Mar 2022, 17:54

Type Values Removed Values Added
New CVE

Information

Published : 2022-03-10 17:44

Updated : 2024-02-04 22:29


NVD link : CVE-2021-42853

Mitre link : CVE-2021-42853

CVE.ORG link : CVE-2021-42853


JSON object : View

Products Affected

riverbed

  • steelcentral_appinternals_dynamic_sampling_agent
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-20

Improper Input Validation