Page 2 of 7 results (0.005 seconds)

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2021-42786 – Remote Code Execution at AgentControllerServlet

https://notcve.org/view.php?id=CVE-2021-42786

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed a malicious payload to be injected. Se ha detectado que el agente de muestreo dinámico (DSA) de SteelCentral AppInternals presenta vulnerabilidades de ejecución de código remota en varias instancias de las peticiones de la API. Los puntos finales afectados no comprueban la entrada del usuario, lo que permite inyectar una carga útil maliciosa • https://aternity.force.com/customersuccess/s/article/Remote-Code-Execution-at-AgentControllerServlet-CVE-2021-42786 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2021-42853 – Directory Traversal Delete/Read at AgentDiagnosticServlet

https://notcve.org/view.php?id=CVE-2021-42853

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDiagnosticServlet has directory traversal vulnerability at the "/api/appInternals/1.0/agent/diagnostic/logs" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected. Se ha detectado que el agente de muestreo dinámico (DSA) AgentDiagnosticServlet de SteelCentral AppInternals presenta una vulnerabilidad salto de directorio en la API "/api/appInternals/1.0/agent/diagnostic/logs". El endpoint afectado no comprueba la entrada del usuario, lo que permite inyectar una carga maliciosa • https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Delete-Read-at-AgentDiagnosticServlet-CVE-2021-42853 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •