CVE-2021-42787— Directory Traversal Write/Delete/Partial Read at AgentConfigurationServlet
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-42787
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Directory Traversal Write/Delete/Partial Read at AgentConfigurationServlet
Source: NVD (National Vulnerability Database)
Vulnerability Description
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Aternity SteelCentral AppInternals 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Aternity SteelCentral AppInternals是美国Aternity公司的一个监控现代自动化解决方案。提供应用程序性能监控 (APM) 和诊断。 Aternity SteelCentral AppInternals Dynamic Sampling Agent(DSA) AgentConfigurationServlet存在安全漏洞,该漏洞允许注入恶意负载的用户输入的输入验证。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Aternity | SteelCentral AppInternals Dynamic Sampling Agent | 10.x | - |
II. Public POCs for CVE-2021-42787
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-42787
请登录查看更多情报信息。
Same Patch Batch · Aternity · 2022-03-09 · 7 CVEs total
| CVE-2021-42786 | 9.8 CRITICAL | Remote Code Execution at AgentControllerServlet |
| CVE-2021-42854 | 9.8 CRITICAL | Directory Traversal Read/Write/Delete at PluginServlet |
| CVE-2021-42853 | 9.1 CRITICAL | Directory Traversal Delete/Read at AgentDiagnosticServlet |
| CVE-2021-42855 | 7.8 HIGH | Local privilege escalation due to misconfigured write permission on .debug_command.config |
| CVE-2021-42857 | 5.3 MEDIUM | Directory Traversal Partial Write at AgentDaServlet |
| CVE-2021-42856 | 4.7 MEDIUM | Reflected Cross-site Scripting at DsaDataTest |
IV. Related Vulnerabilities
Same product: SteelCentral AppInternals Dynamic Sampling Agent
- CVE-2021-42854
Directory Traversal Read/Write/Delete at PluginServlet - CVE-2021-42856
Reflected Cross-site Scripting at DsaDataTest - CVE-2021-42857
Directory Traversal Partial Write at AgentDaServlet - CVE-2021-42855
Local privilege escalation due to misconfigured write permis - CVE-2021-42786
Remote Code Execution at AgentControllerServlet
Same vendor: Aternity
- CVE-2021-42854
Directory Traversal Read/Write/Delete at PluginServlet - CVE-2021-42856
Reflected Cross-site Scripting at DsaDataTest - CVE-2021-42857
Directory Traversal Partial Write at AgentDaServlet - CVE-2021-42855
Local privilege escalation due to misconfigured write permis - CVE-2021-42786
Remote Code Execution at AgentControllerServlet
Same weakness: CWE-20
- CVE-2026-27891
Remote Code Execution (RCE) via Zip Slip in Plugin Upload Me - CVE-2026-45492
Microsoft Edge (Chromium-based) Security Feature Bypass Vuln - CVE-2026-45317
Open WebUI: Cross-Site Request Forgery (CSRF) via Image URL - CVE-2025-29936
AMD平台管理框架输入验证缺陷导致权限提升 - CVE-2026-42327
rust-openssl: undefined behavior in X509Ref::ocsp_responders
V. Comments for CVE-2021-42787
No comments yet