Vulnerability Description
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDiagnosticServlet has a directory traversal vulnerability at the "/api/appInternals/1.0/agent/diagnostic/logs" API. The affected endpoint performs no validation of user input, which allows a malicious payload to be injected.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Riverbed | SteelCentral AppInternals Dynamic Sampling Agent | >= 11.0.0, < 11.8.8 |
Related Weaknesses (CWE)
References
- https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Delete-Third Party Advisory
FAQ
What is CVE-2021-42853?
CVE-2021-42853 is a vulnerability with a CVSS score of 9.1 (CRITICAL). It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDiagnosticServlet has a directory traversal vulnerability at the "/api/appInternals/1.0/agent/diagnostic/logs" AP...
How severe is CVE-2021-42853?
CVE-2021-42853 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-42853?
Check the references section above for vendor advisories and patch information. Affected products include: Riverbed SteelCentral AppInternals Dynamic Sampling Agent.