Vulnerability Database

318,003

Total vulnerabilities in the database

CVE-2021-4463

Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the intended directory.

Published: Nov 12, 2025
Updated: Nov 13, 2025
CVE: CVE-2021-4463
Exploit:

No technical information available.

CWEs:

CWE-22
CWE-552

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

No affected software listed.

https://cxsecurity.com/issue/WLB-2021070173
https://exchange.xforce.ibmcloud.com/vulnerabilities/206477
https://packetstormsecurity.com/files/163702
https://web.archive.org/web/20220527162453/http://www.ljkj2012.com/
https://www.exploit-db.com/exploits/50163
https://www.vulncheck.com/advisories/longjing-technology-bems-api-remote-arbitrary-file-download
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5657.php

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo