CVE-2021-40095

Published: Dec 7, 2021Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability (when processing remote input in the log files downloaded by an authenticated administrator user), leading to the ability to read arbitrary files on the server filesystems.

Affected (3)

Products: Squaredup: Squaredup

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Squaredup Squaredup	Before 5.3.1
Squaredup Squaredup	Before 5.3.1
Squaredup Squaredup	Before 5.3.1

References (4)

https://support.squaredup.com

Source: cve@mitre.org

Vendor Advisory

https://support.squaredup.com/hc/en-us/articles/4410635419153-CVE-2021-40095-Reading-arbitrary-files

Source: cve@mitre.org

Vendor Advisory

https://support.squaredup.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.squaredup.com/hc/en-us/articles/4410635419153-CVE-2021-40095-Reading-arbitrary-files

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.