AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
References
Link | Resource |
---|---|
https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-002.pdf | Vendor Advisory |
https://www.cisa.gov/uscert/ics/advisories/icsa-21-180-05 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2022-04-04T19:45:50
Updated: 2022-04-04T19:45:50
Reserved: 2021-05-13T00:00:00
Link: CVE-2021-32981
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-04-04T20:15:08.993
Modified: 2022-04-13T12:48:51.487
Link: CVE-2021-32981
JSON object: View
Redhat Information
No data.
CWE