CVE-2021-35975

 

  • Severity Score: 5.3 (CVSS v3.1)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in the GET parameter "file" in the URL. Other affected components in the same product: HTTP Adapter (up to v.1.8.0.15), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05), FIX Adapter (up to v.2.4.0.25).

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-06-30 CVE Reserved
  • 2023-11-30 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • 2024-10-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
  • https://github.com/fbkcs/CVE-2021-35975 (2024-08-04)
Affected Vendors, Products, and Versions
Vendor       Product                 Version          Other  Status
Systematica  Financial Calculator    <= 1.3.05        -      Affected
Systematica  Fix Adapter             <= 2.4.0.25      -      Affected
Systematica  Http Adapter            <= 1.8.0.15      -      Affected
Systematica  Mssql Messagebus Proxy  <= 1.1.06        -      Affected
Systematica  Radius                  <= 3.9.256.777   -      Affected
Systematica  Smtp Adapter            <= 2.0.1.101     -      Affected