CVE-2021-40680

Published: Apr 25, 2022Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi.

Affected (9)

Products: Articatech: Web Proxy

Articatech

1 product

Web Proxy

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Articatech Web Proxy	Version 4.30.000000 sp206
Articatech Web Proxy	Version 4.30.000000 sp255
Articatech Web Proxy	Version 4.30.000000 sp267
Articatech Web Proxy	Version 4.30.000000 sp268
Articatech Web Proxy	Version 4.30.000000 sp269
Articatech Web Proxy	Version 4.30.000000 sp270
Articatech Web Proxy	Version 4.30.000000 sp271
Articatech Web Proxy	Version 4.30.000000 sp272
Articatech Web Proxy	Version 4.30.000000 sp273

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

http://seclists.org/fulldisclosure/2022/Apr/39

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Apr/39

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.