Lucene search

MitreCVE-2021-29398

HistoryFeb 04, 2022 - 7:15 p.m.

CVE-2021-29398

2022-02-0419:15:08

CWE-22

mitre

web.nvd.nist.gov

cve

directory traversal

northstar club management 6.3

nvd

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

48.9%

JSON

Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to browse and list the directories across the entire filesystem of the host of the web application.

Affected configurations

Nvd

Node

globalnorthstarnorthstar_club_managementMatch6.3

VendorProductVersionCPE
globalnorthstarnorthstar_club_management6.3cpe:2.3:a:globalnorthstar:northstar_club_management:6.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
globalnorthstar	northstar_club_management	6.3	cpe:2.3:a:globalnorthstar:northstar_club_management:6.3:::::::*

References

Ardent-Security.com

ardent-security.com/en/advisory/asa-2021-06/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

48.9%

JSON

Related for CVE-2021-29398