Lucene search

[email protected]CVE-2021-45027

HistorySep 01, 2022 - 6:15 p.m.

CVE-2021-45027

2022-09-0118:15:09

CWE-494

[email protected]

web.nvd.nist.gov

cve-2021-45027

arbitrary file download

oliver v5 library server

security vulnerability

fileservlet

unsanitized input

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.01 Low

EPSS

Percentile

83.8%

JSON

An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.

Affected configurations

NVD

Node

softlinkintoliver_v5_libraryRange<8.00.008.053

CPENameOperatorVersion
softlinkint:oliver_v5_librarysoftlinkint oliver v5 librarylt8.00.008.053

CPE	Name	Operator	Version
softlinkint:oliver_v5_library	softlinkint oliver v5 library	lt	8.00.008.053

References

www.exploit-db.com/exploits/50599

www.softlinkint.com/product/oliver/

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.01 Low

EPSS

Percentile

83.8%

JSON

Related for CVE-2021-45027

prion1 cvelist1 nvd1