CVE-2021-45448 (GCVE-0-2021-45448)

Vulnerability from cvelistv5 – Published: 2022-11-02 15:12 – Updated: 2025-05-02 15:48
VLAI?
Summary
Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds.  The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.  By using special elements such as ".." and "/" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system.
Severity ?
7.1 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
Vendor Product Version
Hitachi Vantara Pentaho Business Analytics Server Affected: 9.2 , < 9.2.0.2 (ALL)
Affected: 1.0 , < 8.3.0.25 (All)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:39:21.052Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.pentaho.com/hc/en-us/articles/6744743458701"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-45448",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-02T15:47:51.519451Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-02T15:48:03.329Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Pentaho Analyzer plugin"
          ],
          "product": "Pentaho Business Analytics Server",
          "vendor": "Hitachi Vantara",
          "versions": [
            {
              "lessThan": "9.2.0.2",
              "status": "affected",
              "version": "9.2",
              "versionType": "ALL"
            },
            {
              "lessThan": "8.3.0.25",
              "status": "affected",
              "version": "1.0",
              "versionType": "All"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\u003cp\u003ePentaho Business Analytics\n Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho \nAnalyzer plugin exposes a service endpoint for templates which allows a \nuser-supplied path to access resources that are out of bounds.\u0026nbsp;\n\nThe software uses external input to construct a pathname that is intended to identify a file or \ndirectory that is located underneath a restricted parent directory, but the software does not \nproperly neutralize special elements within the pathname that can cause the pathname to \nresolve to a location that is outside of the restricted directory. \u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;By using special elements such as \n\"..\" and \"/\" separators, attackers can escape outside of the restricted \nlocation to access files or directories that are elsewhere on the \nsystem.\u003c/span\u003e\u003c/p\u003e\n\n"
            }
          ],
          "value": "Pentaho Business Analytics\n Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho \nAnalyzer plugin exposes a service endpoint for templates which allows a \nuser-supplied path to access resources that are out of bounds.\u00a0\n\nThe software uses external input to construct a pathname that is intended to identify a file or \ndirectory that is located underneath a restricted parent directory, but the software does not \nproperly neutralize special elements within the pathname that can cause the pathname to \nresolve to a location that is outside of the restricted directory. \u00a0By using special elements such as \n\"..\" and \"/\" separators, attackers can escape outside of the restricted \nlocation to access files or directories that are elsewhere on the \nsystem.\n\n\n\n"
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Many file operations are intended to take place within a restricted directory. By using special  elements such as \"..\" and \"/\" separators, attackers can escape outside of the restricted  location to access files or directories that are elsewhere on the system"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-02T15:12:25.164Z",
        "orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
        "shortName": "HITVAN"
      },
      "references": [
        {
          "url": "https://support.pentaho.com/hc/en-us/articles/6744743458701"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\nThe defect may be mitigated either by uninstalling the Pentaho Analyzer plugin or upgrading\u0026nbsp;to the latest Hitachi Vantara Pentaho version \n9.3 release. For versions 9.2 and 8.3 we recommend updating to Service \nPacks 9.2.0.2/8.3.0.25 or above where this vulnerability is addressed. \n\n\u003cbr\u003e"
            }
          ],
          "value": "\n\nThe defect may be mitigated either by uninstalling the Pentaho Analyzer plugin or upgrading\u00a0to the latest Hitachi Vantara Pentaho version \n9.3 release. For versions 9.2 and 8.3 we recommend updating to Service \nPacks 9.2.0.2/8.3.0.25 or above where this vulnerability is addressed. \n\n\n"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Pentaho Business Analytics Server - Pentaho Analyzer plugin exposes a service endpoint for templates which  allows a user supplied path to access resources that are out of bounds.",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
    "assignerShortName": "HITVAN",
    "cveId": "CVE-2021-45448",
    "datePublished": "2022-11-02T15:12:25.164Z",
    "dateReserved": "2021-12-21T05:57:40.703Z",
    "dateUpdated": "2025-05-02T15:48:03.329Z",
    "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachi:vantara_pentaho:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.3.0.0\", \"versionEndExcluding\": \"8.3.0.25\", \"matchCriteriaId\": \"AB67F45F-D25C-4B85-8819-433D89F3EF1F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachi:vantara_pentaho:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.2.0.0\", \"versionEndExcluding\": \"9.2.0.2\", \"matchCriteriaId\": \"111F5389-BE1D-480F-8229-3EEDF8F6D82A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Pentaho Business Analytics\\n Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho \\nAnalyzer plugin exposes a service endpoint for templates which allows a \\nuser-supplied path to access resources that are out of bounds.\\u00a0\\n\\nThe software uses external input to construct a pathname that is intended to identify a file or \\ndirectory that is located underneath a restricted parent directory, but the software does not \\nproperly neutralize special elements within the pathname that can cause the pathname to \\nresolve to a location that is outside of the restricted directory. \\u00a0By using special elements such as \\n\\\"..\\\" and \\\"/\\\" separators, attackers can escape outside of the restricted \\nlocation to access files or directories that are elsewhere on the \\nsystem.\\n\\n\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Las versiones de Pentaho Business Analytics Server anteriores a 9.2.0.2 y 8.3.0.25 que utilizan el complemento Pentaho Analyzer exponen un endpoint de servicio para plantillas que permite una ruta proporcionada por el usuario para acceder a recursos que est\\u00e1n fuera de los l\\u00edmites. El software utiliza entradas externas para construir un nombre de ruta destinado a identificar un archivo o directorio que se encuentra debajo de un directorio principal restringido, pero el software no neutraliza adecuadamente los elementos especiales dentro del nombre de ruta que pueden hacer que el nombre de ruta se resuelva en una ubicaci\\u00f3n que est\\u00e1 fuera del directorio restringido. Al utilizar elementos especiales como separadores \\\"..\\\" y \\\"/\\\", los atacantes pueden escapar de la ubicaci\\u00f3n restringida para acceder a archivos o directorios que se encuentran en otras partes del sistema.\"}]",
      "id": "CVE-2021-45448",
      "lastModified": "2024-11-21T06:32:13.740",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security.vulnerabilities@hitachivantara.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
      "published": "2022-11-02T16:15:09.897",
      "references": "[{\"url\": \"https://support.pentaho.com/hc/en-us/articles/6744743458701\", \"source\": \"security.vulnerabilities@hitachivantara.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.pentaho.com/hc/en-us/articles/6744743458701\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security.vulnerabilities@hitachivantara.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security.vulnerabilities@hitachivantara.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-45448\",\"sourceIdentifier\":\"security.vulnerabilities@hitachivantara.com\",\"published\":\"2022-11-02T16:15:09.897\",\"lastModified\":\"2024-11-21T06:32:13.740\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Pentaho Business Analytics\\n Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho \\nAnalyzer plugin exposes a service endpoint for templates which allows a \\nuser-supplied path to access resources that are out of bounds.\u00a0\\n\\nThe software uses external input to construct a pathname that is intended to identify a file or \\ndirectory that is located underneath a restricted parent directory, but the software does not \\nproperly neutralize special elements within the pathname that can cause the pathname to \\nresolve to a location that is outside of the restricted directory. \u00a0By using special elements such as \\n\\\"..\\\" and \\\"/\\\" separators, attackers can escape outside of the restricted \\nlocation to access files or directories that are elsewhere on the \\nsystem.\\n\\n\\n\\n\"},{\"lang\":\"es\",\"value\":\"Las versiones de Pentaho Business Analytics Server anteriores a 9.2.0.2 y 8.3.0.25 que utilizan el complemento Pentaho Analyzer exponen un endpoint de servicio para plantillas que permite una ruta proporcionada por el usuario para acceder a recursos que est\u00e1n fuera de los l\u00edmites. El software utiliza entradas externas para construir un nombre de ruta destinado a identificar un archivo o directorio que se encuentra debajo de un directorio principal restringido, pero el software no neutraliza adecuadamente los elementos especiales dentro del nombre de ruta que pueden hacer que el nombre de ruta se resuelva en una ubicaci\u00f3n que est\u00e1 fuera del directorio restringido. Al utilizar elementos especiales como separadores \\\"..\\\" y \\\"/\\\", los atacantes pueden escapar de la ubicaci\u00f3n restringida para acceder a archivos o directorios que se encuentran en otras partes del sistema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security.vulnerabilities@hitachivantara.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security.vulnerabilities@hitachivantara.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:vantara_pentaho:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.3.0.0\",\"versionEndExcluding\":\"8.3.0.25\",\"matchCriteriaId\":\"AB67F45F-D25C-4B85-8819-433D89F3EF1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:vantara_pentaho:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.2.0.0\",\"versionEndExcluding\":\"9.2.0.2\",\"matchCriteriaId\":\"111F5389-BE1D-480F-8229-3EEDF8F6D82A\"}]}]}],\"references\":[{\"url\":\"https://support.pentaho.com/hc/en-us/articles/6744743458701\",\"source\":\"security.vulnerabilities@hitachivantara.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.pentaho.com/hc/en-us/articles/6744743458701\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.pentaho.com/hc/en-us/articles/6744743458701\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T04:39:21.052Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-45448\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-02T15:47:51.519451Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-02T15:47:55.495Z\"}}], \"cna\": {\"title\": \"Pentaho Business Analytics Server - Pentaho Analyzer plugin exposes a service endpoint for templates which  allows a user supplied path to access resources that are out of bounds.\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Many file operations are intended to take place within a restricted directory. By using special  elements such as \\\"..\\\" and \\\"/\\\" separators, attackers can escape outside of the restricted  location to access files or directories that are elsewhere on the system\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hitachi Vantara\", \"modules\": [\"Pentaho Analyzer plugin\"], \"product\": \"Pentaho Business Analytics Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.2\", \"lessThan\": \"9.2.0.2\", \"versionType\": \"ALL\"}, {\"status\": \"affected\", \"version\": \"1.0\", \"lessThan\": \"8.3.0.25\", \"versionType\": \"All\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"\\n\\nThe defect may be mitigated either by uninstalling the Pentaho Analyzer plugin or upgrading\\u00a0to the latest Hitachi Vantara Pentaho version \\n9.3 release. For versions 9.2 and 8.3 we recommend updating to Service \\nPacks 9.2.0.2/8.3.0.25 or above where this vulnerability is addressed. \\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\\nThe defect may be mitigated either by uninstalling the Pentaho Analyzer plugin or upgrading\u0026nbsp;to the latest Hitachi Vantara Pentaho version \\n9.3 release. For versions 9.2 and 8.3 we recommend updating to Service \\nPacks 9.2.0.2/8.3.0.25 or above where this vulnerability is addressed. \\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://support.pentaho.com/hc/en-us/articles/6744743458701\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Pentaho Business Analytics\\n Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho \\nAnalyzer plugin exposes a service endpoint for templates which allows a \\nuser-supplied path to access resources that are out of bounds.\\u00a0\\n\\nThe software uses external input to construct a pathname that is intended to identify a file or \\ndirectory that is located underneath a restricted parent directory, but the software does not \\nproperly neutralize special elements within the pathname that can cause the pathname to \\nresolve to a location that is outside of the restricted directory. \\u00a0By using special elements such as \\n\\\"..\\\" and \\\"/\\\" separators, attackers can escape outside of the restricted \\nlocation to access files or directories that are elsewhere on the \\nsystem.\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\u003cp\u003ePentaho Business Analytics\\n Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho \\nAnalyzer plugin exposes a service endpoint for templates which allows a \\nuser-supplied path to access resources that are out of bounds.\u0026nbsp;\\n\\nThe software uses external input to construct a pathname that is intended to identify a file or \\ndirectory that is located underneath a restricted parent directory, but the software does not \\nproperly neutralize special elements within the pathname that can cause the pathname to \\nresolve to a location that is outside of the restricted directory. \u003cspan style=\\\"background-color: var(--wht);\\\"\u003e\u0026nbsp;By using special elements such as \\n\\\"..\\\" and \\\"/\\\" separators, attackers can escape outside of the restricted \\nlocation to access files or directories that are elsewhere on the \\nsystem.\u003c/span\u003e\u003c/p\u003e\\n\\n\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"dce6e192-ff49-4263-9134-f0beccb9bc13\", \"shortName\": \"HITVAN\", \"dateUpdated\": \"2022-11-02T15:12:25.164Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-45448\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-02T15:48:03.329Z\", \"dateReserved\": \"2021-12-21T05:57:40.703Z\", \"assignerOrgId\": \"dce6e192-ff49-4263-9134-f0beccb9bc13\", \"datePublished\": \"2022-11-02T15:12:25.164Z\", \"requesterUserId\": \"520cc88b-a1c8-44f6-9154-21a4d74c769f\", \"assignerShortName\": \"HITVAN\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.