CVE-2021-45967

CRITICAL9.8EPSS 92.6%

Published: 3/6/2024Modified: 3/6/2024

Description

An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.

Affected packages (1)

Bitnami/openfirefrom 0, < 4.5.0 | >= 4.5.0, <= 4.5.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (4)

WEBhttps://kerbit.io/research/read/blog/4
WEBhttps://tutorialboy24.blogspot.com/2022/03/the-story-of-3-bugs-that-lead-to.html
WEBhttps://www.pascom.net/doc/en/release-notes/
WEBhttps://www.pascom.net/doc/en/release-notes/pascom19/