CVE-2021-40371

Опубликовано: 25 окт. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\ in a scriptName JSON value to ServiceManagerTenant/GetVisibilityMap.

Ссылки

http://packetstormsecurity.com/files/164621/GridPro-Request-Management-For-Windows-Azure-Pack-2.0.7905-Directory-Traversal.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2021/Oct/33
Exploit
Mailing List
Third Party Advisory
https://www.gridprosoftware.com/products/requestmanagement/
Product
Vendor Advisory
http://packetstormsecurity.com/files/164621/GridPro-Request-Management-For-Windows-Azure-Pack-2.0.7905-Directory-Traversal.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2021/Oct/33
Exploit
Mailing List
Third Party Advisory
https://www.gridprosoftware.com/products/requestmanagement/
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gridprosoftware:request_management:*:*:*:*:*:azure:*:*

Версия до 2.0.7912 (исключая)

EPSS

Процентиль: 89%

0.0456

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-cv3w-g9v5-cc63

github

больше 3 лет назад

Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\\ in a scriptName JSON value to ServiceManagerTenant/GetVisibilityMap.