CVE-2021-45967

CRITICAL9.8EPSS 92.6%

發布日:2024/3/6修改日:2024/3/6

描述

An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.

受影響套件(1)

Bitnami/openfirefrom 0, < 4.5.0 | >= 4.5.0, <= 4.5.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(4)

WEBhttps://kerbit.io/research/read/blog/4
WEBhttps://tutorialboy24.blogspot.com/2022/03/the-story-of-3-bugs-that-lead-to.html
WEBhttps://www.pascom.net/doc/en/release-notes/
WEBhttps://www.pascom.net/doc/en/release-notes/pascom19/