CVE-2021-42857
MEDIUMRiverbed SteelCentral AppInternals Dynamic Sampling Agent 11.0.0-11.8.7 - Path Traversal via AgentDaServlet API
Title source: llmDescription
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/da/pcf" API. The affected endpoint does not have any validation of the user's input that allows a malicious payload to be injected.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_confirm
https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Partial-Write-at-AgentDaServlet-CVE-2021-42857
Scores
CVSS v3
5.3
EPSS
0.0111
EPSS Percentile
61.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-20
CWE-22
Status
published
Products (2)
riverbed/steelcentral_appinternals_dynamic_sampling_agent
10.0.0
riverbed/steelcentral_appinternals_dynamic_sampling_agent
11.0.0 - 11.8.8
Published
Mar 10, 2022
Tracked Since
Feb 18, 2026