CVE-2021-35975

EUVD-2021-22608

30.11.2023, 22:15

Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL. Also: affected components in same product - HTTP Adapter (up to v.1.8.0.15), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05), FIX Adapter (up to v.2.4.0.25)

Path Traversal

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 46%

Affected Products (NVD)

Vendor	Product	Version
systematica	financial_calculator	𝑥 ≤ 1.3.05
systematica	fix_adapter	𝑥 ≤ 2.4.0.25
systematica	http_adapter	𝑥 ≤ 1.8.0.15
systematica	mssql_messagebus_proxy	𝑥 ≤ 1.1.06
systematica	radius	𝑥 ≤ 3.9.256.777
systematica	smtp_adapter	𝑥 ≤ 2.0.1.101

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

https://github.com/fbkcs/CVE-2021-35975