CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-32093

The ConfigFileAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to read arbitrary files via the ConfigName parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 50.6%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed
https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover
https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed
https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover

Products affected by CVE-2021-32093

Nsa » Emissary » Version: 5.9.0

cpe:2.3:a:nsa:emissary:5.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-32093

Products

Pricing

Contact Us