CVE-2021-42854

Name of the Vulnerable Software and Affected Versions SteelCentral AppInternals Dynamic Sampling Agent (affected versions not specified)

Description The issue concerns directory traversal vulnerabilities in the SteelCentral AppInternals Dynamic Sampling Agent's PluginServlet. Specifically, the "/api/appInternals/1.0/plugin/pmx" API endpoint lacks input validation, allowing malicious payloads to be injected.

Recommendations As a temporary workaround, consider disabling access to the "/api/appInternals/1.0/plugin/pmx" API endpoint until a patch is available. Restrict input to the PluginServlet to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.