CVE-2021-40095 - Reading arbitrary files
CVE:CVE-2021-40095
Description
An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability, leading to the ability to read arbitrary files on the server filesystems.
What should you do?
If you are using a Dashboard Server version earlier than 5.3.1, update to version 5.3.1 or later.
Affected and resolved software versions
Product | Affected versions | Resolved versions |
SCOMÂ Edition | Versions earlier than 5.3.1 | 5.3.1 and later versions |
Azure Edition | Versions earlier than 5.3.1 | 5.3.1 and later versions |
Community Edition | Versions earlier than 5.3.1 | 5.3.1 and later versions |
Acknowledgement
SquaredUp would like to thank Kajetan Rostojek from ING Tech Poland for reporting this vulnerability.
Did you notice a vulnerability or need further help?
Please contact SquaredUp Support if you have any questions about this vulnerability or need further help.
If you believe you've found a different security vulnerability in one of our products please report it by emailing our support team so we can work on fixing it: security@squaredup.com
Revision history of this article
10.11.2021 | Initial release |