CVE-2021-42857— Directory Traversal Partial Write at AgentDaServlet
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-42857
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Directory Traversal Partial Write at AgentDaServlet
Source: NVD (National Vulnerability Database)
Vulnerability Description
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/da/pcf" API. The affected endpoint does not have any validation of the user's input that allows a malicious payload to be injected.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Aternity SteelCentral AppInternals 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Aternity SteelCentral AppInternals是美国Aternity公司的一个监控现代自动化解决方案。提供应用程序性能监控 (APM) 和诊断。 SteelCentral AppInternals Dynamic Sampling Agent(DSA) AgentDaServlet存在安全漏洞,该漏洞允许注入恶意负载的用户输入进行任何验证。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Aternity | SteelCentral AppInternals Dynamic Sampling Agent | 10.x | - |
II. Public POCs for CVE-2021-42857
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-42857
请登录查看更多情报信息。
Other References for CVE-2021-42857 (1)
Same Patch Batch · Aternity · 2022-03-09 · 7 CVEs total
| CVE-2021-42786 | 9.8 CRITICAL | Remote Code Execution at AgentControllerServlet |
| CVE-2021-42854 | 9.8 CRITICAL | Directory Traversal Read/Write/Delete at PluginServlet |
| CVE-2021-42787 | 9.4 CRITICAL | Directory Traversal Write/Delete/Partial Read at AgentConfigurationServlet |
| CVE-2021-42853 | 9.1 CRITICAL | Directory Traversal Delete/Read at AgentDiagnosticServlet |
| CVE-2021-42855 | 7.8 HIGH | Local privilege escalation due to misconfigured write permission on .debug_command.config |
| CVE-2021-42856 | 4.7 MEDIUM | Reflected Cross-site Scripting at DsaDataTest |
IV. Related Vulnerabilities
Same product: SteelCentral AppInternals Dynamic Sampling Agent
- CVE-2021-42854
Directory Traversal Read/Write/Delete at PluginServlet - CVE-2021-42856
Reflected Cross-site Scripting at DsaDataTest - CVE-2021-42787
Directory Traversal Write/Delete/Partial Read at AgentConfig - CVE-2021-42855
Local privilege escalation due to misconfigured write permis - CVE-2021-42786
Remote Code Execution at AgentControllerServlet
Same vendor: Aternity
- CVE-2021-42854
Directory Traversal Read/Write/Delete at PluginServlet - CVE-2021-42856
Reflected Cross-site Scripting at DsaDataTest - CVE-2021-42787
Directory Traversal Write/Delete/Partial Read at AgentConfig - CVE-2021-42855
Local privilege escalation due to misconfigured write permis - CVE-2021-42786
Remote Code Execution at AgentControllerServlet
Same weakness: CWE-20
- CVE-2025-33221
NVIDIA Display Driver 权限分配漏洞 - CVE-2026-24195
NVIDIA Display Driver Linux UVM输入验证漏洞导致拒绝服务 - CVE-2026-45721
Algernon: handler.lua discovery walks parent directories abo - CVE-2026-43935
e107: Host Header Injection in e107 password reset enables p - CVE-2026-26147
Azure Stack HCI Information Disclosure Vulnerability
V. Comments for CVE-2021-42857
No comments yet