CVE-2021-35975

Published Nov 30, 2023

Last updated a year ago

CVSS medium 5.3

Overview

Description: Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL. Also: affected components in same product - HTTP Adapter (up to v.1.8.0.15), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05), FIX Adapter (up to v.2.4.0.25)
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:systematica:financial_calculator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7670A7C0-374D-49A8-ACCA-75A2E85BBBD6",
            "versionEndIncluding": "1.3.05"
          },
          {
            "criteria": "cpe:2.3:a:systematica:fix_adapter:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17A654EA-9C84-42EB-AF76-C51E0E242415",
            "versionEndIncluding": "2.4.0.25"
          },
          {
            "criteria": "cpe:2.3:a:systematica:http_adapter:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CD9D4F0-F12D-4A0D-977B-765DE9968CBF",
            "versionEndIncluding": "1.8.0.15"
          },
          {
            "criteria": "cpe:2.3:a:systematica:mssql_messagebus_proxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F1F4409-1AD0-4B15-9908-A6539834F249",
            "versionEndIncluding": "1.1.06"
          },
          {
            "criteria": "cpe:2.3:a:systematica:radius:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B53E02A6-E1A8-4414-85F1-B98C878D0780",
            "versionEndIncluding": "3.9.256.777"
          },
          {
            "criteria": "cpe:2.3:a:systematica:smtp_adapter:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34768134-B53D-4B3C-AB35-E1A65126C39F",
            "versionEndIncluding": "2.0.1.101"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References