CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-29395

HIGH
7.5
CVSS Severity Score
EPSS Score0.1900%
EPSS Percentile29.01th
Published2022年2月4日
Last Modified2024年11月21日

Vulnerability Description

Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application.

Affected Platforms (CPE)

📦
Globalnorthstar

Northstar Club Management

= 6.3

References & Advisories

🔗 https://Ardent-Security.com
🔗 https://ardent-security.com/en/advisory/asa-2021-03/
🔗 https://Ardent-Security.com
🔗 https://ardent-security.com/en/advisory/asa-2021-03/

関連する脆弱性情報

CVE-2021-293939.8

Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote ...

CVE-2021-293969.8

Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to u...

CVE-2021-293977.5

Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Managem...

CVE-2021-293946.5

Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote...