PT-2021-16701 · Unknown · Filterprovider

Hard

Published

2021-12-08

Updated

2021-12-10

CVE-2021-25511

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FilterProvider versions prior to SMR Dec-2021 Release 1

Description The issue is related to an improper validation vulnerability in FilterProvider, allowing attackers to write arbitrary files via a path traversal vulnerability. This enables attackers to potentially access and modify sensitive data.

Recommendations For versions prior to SMR Dec-2021 Release 1, update to the SMR Dec-2021 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

Fix

RCE

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-22

Related Identifiers

CVE-2021-25511

Affected Products

Filterprovider

PT-2021-16701 · Unknown · Filterprovider

CVE-2021-25511

Weakness Enumeration

Related Identifiers

Affected Products

References · 5