CVSSv3: 4.8

CVE-2021-29425

Published: 13/04/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 4.8 | Impact Score: 2.5 | Exploitability Score: 2.2
VMScore: 517
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

In Apache Commons IO prior to 2.7, when invoking the method FilenameUtils.normalize with an improper input string such as "//../foo" or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code used the result to construct a path value.
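The practical lesson of this entry is that a caller must never trust a normalized file name on its own: whatever a helper returns, the final path has to be resolved against a fixed base directory and checked for containment. The class below is an added example written for this page; it is not code from Apache Commons IO, from the CVE text, or from any of the vendors listed here. It uses only java.nio.file and deliberately does not call FilenameUtils, so it runs without the library. The class name SafePathResolver, the method resolveInside and the base directory /srv/app/data are assumptions made up for the illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Added example (not Commons IO code): containment check for user-supplied
 * file names before they are turned into a path. It rejects the input shapes
 * named in CVE-2021-29425 ("//../foo", "\\..\foo") as well as plain "../foo".
 */
public final class SafePathResolver {

    private final Path baseDir;

    public SafePathResolver(Path baseDir) {
        // normalize() collapses "." and ".." segments; toAbsolutePath() pins the root
        this.baseDir = baseDir.toAbsolutePath().normalize();
    }

    /**
     * Returns baseDir joined with the supplied name if the result is still
     * inside baseDir, otherwise throws IllegalArgumentException.
     */
    public Path resolveInside(String userSupplied) {
        // Treat backslashes as separators too, so "\\..\foo" is handled like "//../foo"
        String unified = userSupplied.replace('\\', '/');

        // Drop leading separators: an absolute input must not replace the base directory
        while (unified.startsWith("/")) {
            unified = unified.substring(1);
        }

        Path candidate = baseDir.resolve(unified).normalize();

        // Path.startsWith compares whole name elements, so "/srv/app/data-old"
        // does not pass as being inside "/srv/app/data"
        if (!candidate.startsWith(baseDir)) {
            throw new IllegalArgumentException("path escapes base directory: " + userSupplied);
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Constructed base directory for the demonstration (assumption, not from the page)
        SafePathResolver resolver = new SafePathResolver(Paths.get("/srv/app/data"));

        System.out.println("accepted: " + resolver.resolveInside("reports/q1.txt"));

        String[] traversalAttempts = { "//../foo", "\\\\..\\foo", "../foo" };
        for (String attempt : traversalAttempts) {
            try {
                resolver.resolveInside(attempt);
                System.out.println("accepted (unexpected): " + attempt);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The check works on lexical path elements only. If the base directory may contain symbolic links pointing outside it, compare real paths (Path.toRealPath) instead of normalized ones, because a link named inside baseDir can still resolve elsewhere on disk.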

Vulnerable Products

apache commons io 2.2

apache commons io 2.3

apache commons io 2.4

apache commons io 2.5

apache commons io 2.6

debian debian linux 9.0

oracle weblogic server 12.1.3.0.0

oracle retail integration bus 13.0

oracle flexcube core banking 5.2.0

oracle solaris cluster 4.0

oracle access manager 11.1.2.3.0

oracle weblogic server 12.2.1.3.0

oracle webcenter portal 12.2.1.3.0

oracle access manager 12.2.1.3.0

oracle application testing suite 13.3.0.1

oracle retail order broker 16.0

oracle banking platform 2.6.2

oracle primavera unifier 18.8

oracle primavera unifier

oracle agile plm 9.3.6

oracle banking digital experience 18.3

oracle banking digital experience 19.1

oracle banking digital experience 18.1

oracle weblogic server 12.2.1.4.0

oracle primavera unifier 19.12

oracle webcenter portal 12.2.1.4.0

oracle fusion middleware mapviewer 12.2.1.4.0

oracle weblogic server 14.1.1.0.0

oracle banking digital experience 19.2

oracle banking digital experience 20.1

oracle enterprise session border controller 8.4

oracle retail merchandising system 16.0.3

oracle banking platform 2.7.0

oracle banking platform 2.7.1

oracle agile engineering data management 6.2.1.0

oracle primavera unifier 20.12

oracle communications order and service management 7.4

oracle retail order broker 18.0

oracle insurance rules palette 11.0.2

oracle insurance rules palette 11.1.0

oracle communications billing and revenue management elastic charging engine 11.3

oracle communications billing and revenue management elastic charging engine 12.0

oracle communications interactive session recorder 6.3

oracle communications interactive session recorder 6.4

oracle commerce guided search 11.3.2

oracle insurance policy administration 11.3.0

oracle retail xstore point of service 17.0.4

oracle retail xstore point of service 18.0.3

oracle retail xstore point of service 19.0.2

oracle retail xstore point of service 20.0.1

oracle retail service backbone 15.0.3.1

oracle retail service backbone 14.1.3.2

oracle insurance policy administration 11.0.2

oracle communications cloud native core unified data repository 1.4.0

oracle retail order broker 19.1

oracle enterprise session border controller 9.0

oracle healthcare data repository 8.1.0

oracle communications application session controller 3.9.0

oracle communications converged application server - service controller 6.2

oracle flexcube core banking 11.10.0

oracle banking enterprise default management 2.12.0

oracle banking enterprise default management 2.10.0

oracle real user experience insight 13.4.1.0

oracle real user experience insight 13.5.1.0

oracle communications cloud native core network repository function 1.14.0

oracle banking party management 2.7.0

oracle retail merchandising system 19.0.1

oracle retail integration bus 14.1.3.2

oracle retail integration bus 15.0.3.1

oracle retail assortment planning 16.0.3

oracle communications order and service management 7.3

oracle retail size profile optimization 16.0.3

oracle access manager 12.2.1.4.0

oracle financial services analytical applications infrastructure

oracle communications pricing design center 12.0.0.4.0

oracle communications convergence 3.0.2.2.0

oracle primavera unifier 21.12

oracle utilities testing accelerator 6.0.0.2.2

oracle utilities testing accelerator 6.0.0.3.1

oracle utilities testing accelerator 6.0.0.1.1

oracle retail service backbone 19.0.0

oracle retail service backbone

oracle retail integration bus

oracle communications service broker 6.2

oracle banking digital experience 21.1

oracle banking apis 19.1

oracle banking apis 19.2

oracle banking apis 20.1

oracle banking apis 21.1

oracle communications cloud native core policy 1.14.0

oracle application performance management 13.5.1.0

oracle application performance management 13.4.1.0

oracle banking platform

oracle banking enterprise default management

oracle banking apis 18.2

oracle banking digital experience 17.2

oracle banking apis 18.1

oracle banking apis 18.3

oracle communications design studio 7.3.5

oracle financial services model management and governance

oracle enterprise communications broker 3.3

oracle communications offline mediation controller 12.0.0.3

oracle oss support tools

oracle retail service backbone 14.1.3.0

oracle retail service backbone 19.0.1

oracle retail integration bus 14.1.3.0

oracle retail integration bus 19.0.0

oracle retail integration bus 19.0.1

oracle insurance rules palette 11.3.1

oracle insurance policy administration 11.1.0

oracle insurance policy administration 11.3.1

oracle banking enterprise default management 2.7.0

oracle banking enterprise default management 2.7.1

oracle banking enterprise default management 2.6.2

oracle insurance rules palette 11.3.0

oracle communications diameter intelligence hub

oracle insurance policy administration 11.2.8

oracle communications pricing design center 12.0.0.5.0

oracle blockchain platform

oracle insurance rules palette 11.2.8

oracle health sciences information manager

oracle helidon 2.2.0

oracle helidon 1.4.7

oracle communications policy management 12.5.0.0.0

oracle communications design studio

oracle communications contacts server 8.0.0.6.0

oracle rest data services

oracle rest data services 21.3

oracle health sciences data management workbench 2.5.2.1

oracle health sciences data management workbench 3.0.0.0

oracle retail pricing 19.0.1

oracle flexcube core banking

netapp active iq unified manager

Vendor Advisories

Synopsis: Moderate: Red Hat Decision Manager 7.12.1 security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
Synopsis: Moderate: Red Hat Process Automation Manager 7.12.1 security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gi ...
Multiple vulnerabilities have been found in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. Affected products and versions are listed below. Please upgrade your version to the appropriate version. To find fixed products, look for the same number following the product name in [Affected products] and [Fixed products] ...

References

CWE-22
https://issues.apache.org/jira/browse/IO-556
https://lists.apache.org/thread.html/rc359823b5500e9a9a2572678ddb8e01d3505a7ffcadfa8d13b8780ab%40%3Cuser.commons.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00016.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://security.netapp.com/advisory/ntap-20220210-0004/
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://lists.apache.org/thread.html/rfd01af05babc95b8949e6d8ea78d9834699e1b06981040dde419a330%40%3Cdev.commons.apache.org%3E
https://lists.apache.org/thread.html/r8efcbabde973ea72f5e0933adc48ef1425db5cde850bf641b3993f31%40%3Cdev.commons.apache.org%3E
https://lists.apache.org/thread.html/r873d5ddafc0a68fd999725e559776dc4971d1ab39c0f5cc81bd9bc04%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r0d73e2071d1f1afe1a15da14c5b6feb2cf17e3871168d5a3c8451436%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r47ab6f68cbba8e730f42c4ea752f3a44eb95fb09064070f2476bb401%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/raa053846cae9d497606027816ae87b4e002b2e0eb66cb0dee710e1f5%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r8569a41d565ca880a4dee0e645dad1cd17ab4a92e68055ad9ebb7375%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/rfa2f08b7c0caf80ca9f4a18bd875918fdd4e894e2ea47942a4589b9c%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r1c2f4683c35696cf6f863e3c107e37ec41305b1930dd40c17260de71%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r27b1eedda37468256c4bb768fde1e8b79b37ec975cbbfd0d65a7ac34%40%3Cdev.myfaces.apache.org%3E
https://lists.apache.org/thread.html/ra8ef65aedc086d2d3d21492b4c08ae0eb8a3a42cc52e29ba1bc009d8%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r523a6ffad58f71c4f3761e3cee72df878e48cdc89ebdce933be1475c%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/rbebd3e19651baa7a4a5503a9901c95989df9d40602c8e35cb05d3eb5%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r2bc986a070457daca457a54fe71ee09d2584c24dc262336ca32b6a19%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r345330b7858304938b7b8029d02537a116d75265a598c98fa333504a%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/rad4ae544747df32ccd58fff5a86cd556640396aeb161aa71dd3d192a%40%3Cuser.commons.apache.org%3E
https://lists.apache.org/thread.html/r808be7d93b17a7055c1981a8453ae5f0d0fce5855407793c5d0ffffa%40%3Cuser.commons.apache.org%3E
https://lists.apache.org/thread.html/rc65f9bc679feffe4589ea0981ee98bc0af9139470f077a91580eeee0%40%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/rc2dd3204260e9227a67253ef68b6f1599446005bfa0e1ddce4573a80%40%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r2df50af2641d38f432ef025cd2ba5858215cc0cf3fc10396a674ad2e%40%3Cpluto-scm.portals.apache.org%3E
https://lists.apache.org/thread.html/r8bfc7235e6b39d90e6f446325a5a44c3e9e50da18860fdabcee23e29%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r92ea904f4bae190b03bd42a4355ce3c2fbe8f36ab673e03f6ca3f9fa%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rfcd2c649c205f12b72dde044f905903460669a220a2eb7e12652d19d%40%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r2345b49dbffa8a5c3c589c082fe39228a2c1d14f11b96c523da701db%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r477c285126ada5c3b47946bb702cb222ac4e7fd3100c8549bdd6d3b2%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rc10fa20ef4d13cbf6ebe0b06b5edb95466a1424a9b7673074ed03260%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rca71a10ca533eb9bfac2d590533f02e6fb9064d3b6aa3ec90fdc4f51%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/re41e9967bee064e7369411c28f0f5b2ad28b8334907c9c6208017279%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rd09d4ab3e32e4b3a480e2ff6ff118712981ca82e817f28f2a85652a6%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r01b4a1fcdf3311c936ce33d75a9398b6c255f00c1a2f312ac21effe1%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/red3aea910403d8620c73e1c7b9c9b145798d0469eb3298a7be7891af%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r20416f39ca7f7344e7d76fe4d7063bb1d91ad106926626e7e83fb346%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r86528f4b7d222aed7891e7ac03d69a0db2a2dfa17b86ac3470d7f374%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rc5f3df5316c5237b78a3dff5ab95b311ad08e61d418cd992ca7e34ae%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r0bfa8f7921abdfae788b1f076a12f73a92c93cc0a6e1083bce0027c5%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r462db908acc1e37c455e11b1a25992b81efd18e641e7e0ceb1b6e046%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r4050f9f6b42ebfa47a98cbdee4aabed4bb5fb8093db7dbb88faceba2%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r5149f78be265be69d34eacb4e4b0fc7c9c697bcdfa91a1c1658d717b%40%3Cissues.zookeeper.apache.org%3E
https://nvd.nist.gov
https://access.redhat.com/errata/RHSA-2022:1110
https://alas.aws.amazon.com/AL2/ALAS-2023-2059.html