CVE-2021-3341
HIGHDH2i DxEnterprise and DxOdyssey 19.5-20.x - Path Traversal via DxWebEngine HTTP Request
Title source: llmDescription
A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request.
References (1)
Core 1
Core References
Mitigation, Vendor Advisory x_refsource_misc
https://clients.dh2i.com/Support/Article.aspx?ID=2963454
Scores
CVSS v3
7.5
EPSS
0.0128
EPSS Percentile
66.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (2)
dh2i/dxenterprise
19.5 - 20.0.218
dh2i/dxodyssey
19.5 - 20.0.219
Published
Jan 29, 2021
Tracked Since
Feb 18, 2026