CVE-2021-32017

An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the remote file system. This can be used to identify the complete server filesystem structure, i.e., identifying all the directories and files.

Published: Aug 3, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-32017
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.7
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
jump-technology / asset_management	3.6.0.04.009-2487	3.6.0.04.009-2487.x

https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-32017
https://excellium-services.com/cert-xlm-advisory/cve-2021-32017/

Vulnerability Database

289,697

CVE-2021-32017