PT-2022-11427 · Leostream · Leostream Connection Broker

Published 2022-01-18 · Updated 2022-07-12 · CVE-2021-41551

CVSS v3.1: 4.9 Medium

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Leostream Connection Broker version 9.0.40.17

Description

The issue allows administrators to conduct directory traversal attacks by uploading a ZIP file that contains a symbolic link. This can potentially lead to unauthorized access to sensitive files or directories.

Recommendations

For Leostream Connection Broker version 9.0.40.17, consider restricting the upload of ZIP files or implementing validation checks to prevent the inclusion of symbolic links as a temporary workaround until a patch is available.
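One way to implement the validation check recommended above, as an added example that is not Leostream code: it inspects an uploaded archive's central directory and reports symbolic-link entries before anything is extracted. The function names, the sample archive and the placeholder link target are constructed for illustration, and the check assumes the archive records Unix file modes in the ZIP external attributes, which is how ZIP tools on Unix store symbolic links.

```python
import io
import stat
import zipfile

MAX_TARGET_BYTES = 1024  # a link target is a short path; never read more than this


def find_rejected_entries(zip_bytes):
    """Return (entry name, kind, link target) for every entry an upload should refuse.

    ZIP keeps the Unix st_mode in the upper 16 bits of external_attr, so a
    symbolic link is visible in the central directory without extracting
    anything. The entry's data is the path the link points to.
    """
    rejected = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            file_type = stat.S_IFMT(info.external_attr >> 16)
            if file_type == stat.S_IFLNK:
                with zf.open(info) as entry:
                    target = entry.read(MAX_TARGET_BYTES).decode("utf-8", "replace")
                rejected.append((info.filename, "symlink", target))
            elif file_type not in (0, stat.S_IFREG, stat.S_IFDIR):
                # Devices, FIFOs and sockets have no place in an upload either.
                rejected.append((info.filename, "special file", ""))
    return rejected


def build_sample(with_symlink):
    """Build a constructed test archive in memory (not a real upload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("branding/logo.txt", "constructed sample content")
        if with_symlink:
            link = zipfile.ZipInfo("branding/link")
            link.create_system = 3  # 3 = Unix, so the mode bits are meaningful
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(link, "/constructed/placeholder/target")
    return buf.getvalue()


if __name__ == "__main__":
    for name, kind, target in find_rejected_entries(build_sample(True)):
        print(f"reject upload: {name} is a {kind} -> {target}")
```

An upload handler would refuse the whole archive when the returned list is non-empty, and log the entry name and target for review.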

Fix

Link Following


Weakness Enumeration

Related Identifiers

CVE-2021-41551

Affected Products

Leostream Connection Broker