CVE-2021-33576

2021-06-1810:53:06

mitre

www.cve.org

9.6 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.4%

JSON

An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk.

References

github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0011.md

www.cleo.com/cleo-lexicom