Vulnerability Description
Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL. Also: affected components in same product - HTTP Adapter (up to v.1.8.0.15), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05), FIX Adapter (up to v.2.4.0.25)
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Systematica | Financial Calculator | <= 1.3.05 |
| Systematica | Fix Adapter | <= 2.4.0.25 |
| Systematica | Http Adapter | <= 1.8.0.15 |
| Systematica | Mssql Messagebus Proxy | <= 1.1.06 |
| Systematica | Radius | <= 3.9.256.777 |
| Systematica | Smtp Adapter | <= 2.0.1.101 |
Related Weaknesses (CWE)
References
- https://github.com/fbkcs/CVE-2021-35975ExploitThird Party Advisory
- https://github.com/fbkcs/CVE-2021-35975ExploitThird Party Advisory
FAQ
What is CVE-2021-35975?
CVE-2021-35975 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a ful...
How severe is CVE-2021-35975?
CVE-2021-35975 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-35975?
Check the references section above for vendor advisories and patch information. Affected products include: Systematica Financial Calculator, Systematica Fix Adapter, Systematica Http Adapter, Systematica Mssql Messagebus Proxy, Systematica Radius.