PT-2021-21652 · Nch · Nch Flexiserver
Published
2021-07-25
·
Updated
2021-08-05
·
CVE-2021-37439
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
NCH FlexiServer version 6.00
Description
The issue is related to a path traversal vulnerability in the syslog component, where an attacker can potentially access files outside the intended directory by manipulating the
file parameter in the syslog request, such as syslog?file=/...Recommendations
For NCH FlexiServer version 6.00, as a temporary workaround, consider restricting access to the syslog component to minimize the risk of exploitation. Avoid using the
file parameter in the syslog endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nch Flexiserver