CVE-2021-42786 CRITICAL

CVE-2021-42786: Remote Code Execution at AgentControllerServlet

Vendor Aternity
Product SteelCentral AppInternals Dynamic Sampling Agent
Weakness CWE-20 · Input validation
Published March 9, 2022
Last update September 17, 2024

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed a malicious payload to be injected.

Key dates

02Disclosure timeline

March 9, 2022 CVE published
September 17, 2024 Record updated