PT-2021-22804 · Squaredup · Squaredup For Scom

Published 2021-12-07 · Updated 2021-12-07 · CVE-2021-40095

CVSS v3.1: 4.9 Medium

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SquaredUp for SCOM version 5.2.1.6654

Description

An issue was discovered in the Download Log feature in System / Maintenance, which is susceptible to a local file inclusion vulnerability when processing remote input in the log files downloaded by an authenticated administrator user. This leads to the ability to read arbitrary files on the server filesystems.

Recommendations

For SquaredUp for SCOM version 5.2.1.6654, consider disabling the Download Log feature in System / Maintenance until a patch is available to prevent exploitation of the local file inclusion vulnerability. Restrict access to the System / Maintenance section to minimize the risk of exploitation. Avoid using the Download Log feature with remote input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2021-40095

Affected Products

Squaredup For Scom