CVE-2021-40095
Last modified
CVE-2021-40095 is a medium-severity vulnerability rated 4.9/10 on the CVSS scale. An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability (when processing remote input in the log files downloaded by an authenticated administrator user), leading to the ability to read arbitrary files on the server filesystems.. EPSS estimates a 0.98% chance of exploitation in the next 30 days.
Description
An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability (when processing remote input in the log files downloaded by an authenticated administrator user), leading to the ability to read arbitrary files on the server filesystems.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Squaredup | Squaredup | < 5.3.1 |
References
- https://support.squaredup.comVendor Advisory
- https://support.squaredup.comVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-40095?
How severe is CVE-2021-40095?
How do I fix CVE-2021-40095?
Are you affected by CVE-2021-40095?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST