CVE-2021-32017

EUVD-2021-18884
An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the remote file system. This can be used to identify the complete server filesystem structure, i.e., identifying all the directories and files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
mitreCNA
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
jump-technologyasset_management
3.6.0.04.009-2487
𝑥
= Vulnerable software versions
References
https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-32017
https://excellium-services.com/cert-xlm-advisory/cve-2021-32017/
https://excellium-services.com/cert-xlm-advisory/cve-2021-32017/