48 matches found
CVE-2021-42855 Local privilege escalation due to misconfigured write permission on .debug_command.config file
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent DSA uses the ".debugcommand.config" file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map t...
CVE-2021-42855
CVE-2021-42855 affects the SteelCentral AppInternals Dynamic Sampling Agent (DSA). The issue stems from a configuration file named .debug_command.config that stores a JSON string listing IDs and pre-configured commands. This file is read by the API endpoint /api/appInternals/1.0/agent/configurati...
CVE-2021-42786 Remote Code Execution at AgentControllerServlet
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent DSA has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed a malicious payload to be injected...
CVE-2021-42853
CVE-2021-42853 concerns directory traversal in the SteelCentral AppInternals Dynamic Sampling Agent (DSA), specifically the AgentDiagnosticServlet at the /api/appInternals/1.0/agent/diagnostic/logs endpoint. The root cause, as described in the sources, is that this endpoint performs no input vali...
CVE-2021-42853 Directory Traversal Delete/Read at AgentDiagnosticServlet
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's DSA AgentDiagnosticServlet has directory traversal vulnerability at the "/api/appInternals/1.0/agent/diagnostic/logs" API. The affected endpoint does not have any input validation of the user's input that allows a...
PT-2022-11711 · Riverbed · Steelcentral Appinternals Dynamic Sampling Agent
Name of the Vulnerable Software and Affected Versions: SteelCentral AppInternals Dynamic Sampling Agent DSA affected versions not specified Description: A security issue was found in the SteelCentral AppInternals Dynamic Sampling Agent DSA, where it uses a ".debug command.config" file to store a...
CVE-2021-42787
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's DSA AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint does not have any input validation of the user's input that allows a...
CVE-2021-42786
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent DSA has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed a malicious payload to be injected...