CVE-2021-32981
AVEVA System Platform Path Traversal
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
AVEVA System Platform versiones 2017 hasta 2020 R2 P01, usa una entrada externa para construir un nombre de ruta que pretende identificar un archivo o directorio que es encontrado debajo de un directorio principal restringido, pero el software no neutraliza apropiadamente los elementos especiales dentro del nombre de ruta que pueden causar que el nombre de ruta sea resuelto a una ubicación que está fuera del directorio restringido
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-05-13 CVE Reserved
- 2022-04-04 CVE Published
- 2024-08-03 CVE Updated
- 2024-09-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-21-180-05 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Aveva Search vendor "Aveva" | System Platform Search vendor "Aveva" for product "System Platform" | >= 2017 < 2020 Search vendor "Aveva" for product "System Platform" and version " >= 2017 < 2020" | - |
Affected
| ||||||
Aveva Search vendor "Aveva" | System Platform Search vendor "Aveva" for product "System Platform" | 2020 Search vendor "Aveva" for product "System Platform" and version "2020" | - |
Affected
| ||||||
Aveva Search vendor "Aveva" | System Platform Search vendor "Aveva" for product "System Platform" | 2020 Search vendor "Aveva" for product "System Platform" and version "2020" | r2 |
Affected
| ||||||
Aveva Search vendor "Aveva" | System Platform Search vendor "Aveva" for product "System Platform" | 2020 Search vendor "Aveva" for product "System Platform" and version "2020" | r2_p01 |
Affected
|