CVE-2021-42797Path Traversal in Edge

CWE-22Path Traversal3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 55.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Aveva Edge
Timeline
PublishedDec 16

Description

Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDaveva/edge< 2020+1

🔴Vulnerability Details

2
CVEList
CVE-2021-42797: Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows2023-12-16
GHSA
GHSA-4wwr-56pj-4v9h: Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows2023-12-16
CVE-2021-42797 — Path Traversal in Aveva Edge | cvebase