CVE-2021-28485

medium

Description

In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not intended to be accessible via the web application.

References

https://www.gruppotim.it/it/footer/red-team.html

https://www.ericsson.com/en/about-us/security/psirt

Details

Source: Mitre, NVD

Published: 2023-09-14

Updated: 2023-10-25

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N