Asset Management
CVE-2021-32017
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the remote file system. This can be used to identify the complete server filesystem structure, i.e., identifying all the directories and files.
AnalysisAI
An issue was discovered in JUMP AMS 3.6.0.04.009-2487. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the remote file system. This can be used to identify the complete server filesystem structure, i.e., identifying all the directories and files. Affected products include: Jump-Technology Asset Management.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Asset Management
View allAn issue was discovered in JUMP AMS 3.6.0.04.009-2487. Rated high severity (CVSS 8.8), this vulnerability is remotely ex
An issue was discovered in JUMP AMS 3.6.0.04.009-2487. Rated medium severity (CVSS 6.5), this vulnerability is remotely
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today