CVE-2021-42853 CRITICAL

CVE-2021-42853: Directory Traversal Delete/Read at AgentDiagnosticServlet

Vendor Aternity

Product SteelCentral AppInternals Dynamic Sampling Agent

Weakness CWE-20 · Input validation

Published March 9, 2022

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

9.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

What the vulnerability does

01Description

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDiagnosticServlet has directory traversal vulnerability at the "/api/appInternals/1.0/agent/diagnostic/logs" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected.

Key dates

02Disclosure timeline

March 9, 2022 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-42853 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

Identifiers

CVE CVE-2021-42853

CWE CWE-20

CVSS 9.1 / CRITICAL

Affected versions

Vendor Aternity

Product SteelCentral AppInternals Dynamic Sampling Agent

Affected 10.x

Vendor Aternity

Product SteelCentral AppInternals Dynamic Sampling Agent

Affected ≥ 12.13.0 and < 12.13.0

Vendor Aternity

Product SteelCentral AppInternals Dynamic Sampling Agent

Affected ≥ 11.8.8 and < 11.8.8

CVE-2021-42853: Directory Traversal Delete/Read at AgentDiagnosticServlet

01Description

02Disclosure timeline

03References

04Related CVE