PT-2021-14166 · Unknown · Clusterpro X+3
Published
2021-11-02
·
Updated
2022-04-29
·
CVE-2021-20707
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
CLUSTERPRO X versions 4.3 and earlier
EXPRESSCLUSTER X versions 4.3 and earlier
CLUSTERPRO X SingleServerSafe versions 4.3 and earlier
EXPRESSCLUSTER X SingleServerSafe versions 4.3 and earlier
Description:
The issue is related to improper input validation in the Transaction Server, allowing an attacker to read files uploaded via the network. This can potentially lead to unauthorized access to sensitive data.
Recommendations:
For CLUSTERPRO X versions 4.3 and earlier, update to a version later than 4.3 to resolve the issue.
For EXPRESSCLUSTER X versions 4.3 and earlier, update to a version later than 4.3 to resolve the issue.
For CLUSTERPRO X SingleServerSafe versions 4.3 and earlier, update to a version later than 4.3 to resolve the issue.
For EXPRESSCLUSTER X SingleServerSafe versions 4.3 and earlier, update to a version later than 4.3 to resolve the issue.
As a temporary workaround, consider restricting network access to the Transaction Server to minimize the risk of exploitation.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Clusterpro X
Clusterpro X Singleserversafe
Expresscluster X
Expresscluster X Singleserversafe