CVE-2021-32016

CVE-2021-32016

by mathildeexlm

Abstract Advisory Information

An endpoint is vulnerable to arbitrary file write, leading to potential remote code execution.

Authors: Thomas PIANEZZOLA

Version affected

Name: JUMP AMS
Versions: 3.6.0.04.009-2487

Common Vulnerability Scoring System

5.4

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Patches

Main Version:

3.7.0.13.000

Services Packs:

3.7.0.10.012 LTS

3.7.0.12.002

References

Vulnerability Disclosure Timeline

  • 31/03/2021: Vulnerability discovery
  • 16/04/2021: Vulnerability Report to CERT-XLM
  • 22/04/2021: Vulnerability Report to JUMP
  • 22/04/2021: JUMP acknowledgment
  • 03/05/2021: Request CVE IDs to Mitre
  • 04/05/2021: Got CVE IDs from Mitre
  • 21/07/2021: JUMP patch release
  • 30/07/2021: Public Vulnerability disclosure
Top