CVE-2021-42787

CRITICAL

SteelCentral AppInternals Dynamic Sampling Agent 11.0.0-11.8.7 - Path Traversal and Arbitrary File Write

Title source: llm

Description

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected.

References (1)

Core 1

Core References

Third Party Advisory x_refsource_confirm

https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Write-Delete-Partial-Read-at-AgentConfigurationServlet-CVE-2021-42787

Scores

CVSS v3 9.4

EPSS 0.0128

EPSS Percentile 66.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Details

CWE

CWE-20 CWE-22

Status published

Products (2)

riverbed/steelcentral_appinternals_dynamic_sampling_agent 10.0.0

riverbed/steelcentral_appinternals_dynamic_sampling_agent 11.0.0 - 11.8.8

Published Mar 10, 2022

Tracked Since Feb 18, 2026