CVE-2021-41551

Опубликовано: 18 янв. 2022

Источник: nvd

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading z ZIP file that contains a symbolic link.

Ссылки

https://leostream.com/wp-content/uploads/2018/11/Leostream_release_notes.pdf
Release Notes
Vendor Advisory
https://www.leostream.com/resource/leostream-connection-broker-9-0/
Release Notes
Vendor Advisory
https://leostream.com/wp-content/uploads/2018/11/Leostream_release_notes.pdf
Release Notes
Vendor Advisory
https://www.leostream.com/resource/leostream-connection-broker-9-0/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:leostream:connection_broker:9.0.40.17:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00207

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-59

Связанные уязвимости

GHSA-3r32-ggmf-p3vp