Lucene search
K

48 matches found

Cvelist
Cvelist
added 2022/03/09 4:51 p.m.26 views

CVE-2021-42855 Local privilege escalation due to misconfigured write permission on .debug_command.config file

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent DSA uses the ".debugcommand.config" file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map t...

7.8CVSS7.9AI score0.00214EPSS
Exploits0References1
CVE
CVE
added 2022/03/09 4:51 p.m.78 views

CVE-2021-42855

CVE-2021-42855 affects the SteelCentral AppInternals Dynamic Sampling Agent (DSA). The issue stems from a configuration file named .debug_command.config that stores a JSON string listing IDs and pre-configured commands. This file is read by the API endpoint /api/appInternals/1.0/agent/configurati...

7.8CVSS7.7AI score0.00214EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/03/09 4:51 p.m.26 views

CVE-2021-42786 Remote Code Execution at AgentControllerServlet

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent DSA has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed a malicious payload to be injected...

9.8CVSS9.9AI score0.01961EPSS
Exploits0References1
CVE
CVE
added 2022/03/09 4:51 p.m.78 views

CVE-2021-42853

CVE-2021-42853 concerns directory traversal in the SteelCentral AppInternals Dynamic Sampling Agent (DSA), specifically the AgentDiagnosticServlet at the /api/appInternals/1.0/agent/diagnostic/logs endpoint. The root cause, as described in the sources, is that this endpoint performs no input vali...

9.8CVSS9.5AI score0.01507EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/03/09 4:51 p.m.18 views

CVE-2021-42853 Directory Traversal Delete/Read at AgentDiagnosticServlet

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's DSA AgentDiagnosticServlet has directory traversal vulnerability at the "/api/appInternals/1.0/agent/diagnostic/logs" API. The affected endpoint does not have any input validation of the user's input that allows a...

9.1CVSS9.6AI score0.01507EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/03/09 12:0 a.m.4 views

PT-2022-11711 · Riverbed · Steelcentral Appinternals Dynamic Sampling Agent

Name of the Vulnerable Software and Affected Versions: SteelCentral AppInternals Dynamic Sampling Agent DSA affected versions not specified Description: A security issue was found in the SteelCentral AppInternals Dynamic Sampling Agent DSA, where it uses a ".debug command.config" file to store a...

7.8CVSS7.5AI score0.00214EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/23 10:30 a.m.2 views

CVE-2021-42787

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's DSA AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint does not have any input validation of the user's input that allows a...

9.8CVSS7.2AI score0.01277EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/02/23 10:30 a.m.4 views

CVE-2021-42786

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent DSA has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed a malicious payload to be injected...

9.8CVSS7.4AI score0.01961EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder