PT-2023-12264 · Systematic · Systematica Smtp Adapter+1

Published 2023-11-30 · Updated 2023-12-11 · CVE-2021-35975

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
- Systematica Radius versions up to 3.9.256.777
- Systematica SMTP Adapter component versions up to 2.0.1.101
- HTTP Adapter versions up to 1.8.0.15
- MSSQL MessageBus Proxy versions up to 1.1.06
- Financial Calculator versions up to 1.3.05
- FIX Adapter versions up to 2.4.0.25

Description
The issue allows remote attackers to read arbitrary files via a full pathname in the file parameter in a URL. This is an absolute path traversal vulnerability.

Recommendations
- For Systematica Radius versions up to 3.9.256.777, update the Systematica SMTP Adapter component to a version later than 2.0.1.101.
- For Systematica SMTP Adapter component versions up to 2.0.1.101, avoid using the file parameter in URLs until a patch is available.
- For HTTP Adapter versions up to 1.8.0.15, restrict access to the adapter to minimize the risk of exploitation.
- For MSSQL MessageBus Proxy versions up to 1.1.06, consider disabling the proxy until a patch is available.
- For Financial Calculator versions up to 1.3.05, restrict access to the calculator to minimize the risk of exploitation.
- For FIX Adapter versions up to 2.4.0.25, consider disabling the adapter until a patch is available.
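The description above names the weakness class (absolute path traversal: a full pathname in the file parameter is handed to the file system unchanged). The following is an added example, not code from the advisory or from the Systematica products, showing the unsafe pattern beside a validator that a file-serving handler should apply to the decoded file parameter. BASE_DIR and the function names are assumptions for illustration.

```python
import os
import re
from pathlib import Path
from typing import Optional

# Hypothetical directory the adapter is meant to serve files from; the advisory
# does not name the real one.
BASE_DIR = Path("/srv/adapter/public")

# Windows drive-letter (C:\...) or UNC (\\host\share) prefixes. Checking these
# explicitly keeps the validator correct even when it runs on a POSIX host,
# where os.path.isabs() would not flag them.
_WIN_ABS = re.compile(r"^(?:[A-Za-z]:|[\\/]{2})")


def vulnerable_resolve(file_param: str) -> str:
    """The defect class described in the advisory: the file parameter is used
    as-is, so an absolute pathname escapes the intended directory entirely."""
    return file_param  # passed straight to the file-open call


def safe_resolve(file_param: str, base_dir: Path = BASE_DIR) -> Optional[Path]:
    """Return a path inside base_dir, or None when the request must be refused.
    Expects the already URL-decoded parameter value."""
    # 1. Refuse absolute paths outright (the absolute-traversal case).
    if os.path.isabs(file_param) or _WIN_ABS.match(file_param):
        return None
    # 2. Refuse NUL bytes and any '..' segment, whichever separator is used.
    parts = [p for p in re.split(r"[\\/]+", file_param.strip()) if p]
    if not parts or "\x00" in file_param or any(p == ".." for p in parts):
        return None
    # 3. Defence in depth: resolve symlinks and confirm the result still lies
    #    under base_dir before it is opened.
    root = base_dir.resolve()
    candidate = (root / Path(*parts)).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        return None
    return candidate
```

Step 3 matters because a name that passes the textual checks can still point outside the root through a symlink placed inside it.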

Tags: Path traversal

Related Identifiers

CVE-2021-35975

Affected Products

Systematica Radius
Systematica Smtp Adapter