PT-2021-19630 · Jump Ams+1

Thomas Pianezzola · Published 2021-08-03 · Updated 2021-08-12 · CVE-2021-32018

CVSS v3.1: 8.5 (High)

Vector: AC:L/AV:N/A:L/C:H/I:N/PR:L/S:C/UI:N

Name of the Vulnerable Software and Affected Versions: JUMP AMS version 3.6.0.04.009-2487
Description: An issue was discovered in the JUMP SOAP API, which is vulnerable to arbitrary file reading due to an improper limitation of file loading on the server filesystem, also known as directory traversal.
Recommendations: For JUMP AMS version 3.6.0.04.009-2487, consider restricting access to the JUMP SOAP API until a patch is available. As a temporary workaround, limit the file loading on the server filesystem to prevent directory traversal. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2021-32018

Affected Products

Jump Ams
Jump Soap Api