CVE-2021-42855

Summary

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map the corresponding ID to a command to be executed.

Affected Software

VendorProductVersion RangeStatus
AternitySteelCentral AppInternals Dynamic Sampling Agent10.xaffected
AternitySteelCentral AppInternals Dynamic Sampling Agent12.13.0 < 12.13.0affected
AternitySteelCentral AppInternals Dynamic Sampling Agent11.8.8 < 11.8.8affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References