First published: Sun Jul 25 2021(Updated: )
NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Nchsoftware Ivm Attendant | <=5.12 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2021-37442.
The severity of CVE-2021-37442 is medium.
CVE-2021-37442 allows path traversal via viewfile?file=/.. to read files in NCH IVM Attendant v5.12 and earlier.
If you are using NCH IVM Attendant version 5.12 or earlier, your software may be affected by CVE-2021-37442.
To fix CVE-2021-37442, it is recommended to update NCH IVM Attendant to a version higher than 5.12.