CVE-2021-32016

Name of the Vulnerable Software and Affected Versions: JUMP AMS version 3.6.0.04.009-2487

Description: An issue was discovered in JUMP AMS where a JUMP SOAP endpoint permitted the writing of arbitrary files to a user-controlled location on the remote filesystem with user-controlled content via directory traversal, potentially leading to remote code and command execution.

Recommendations: For JUMP AMS version 3.6.0.04.009-2487, consider restricting access to the JUMP SOAP endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.