CVE-2021-47718

Summary

OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system information.

Affected Software

VendorProductVersion RangeStatus
OPEN BMCSOpenBMCS2.4affected

Weaknesses

  • CWE-548: CWE-548 Exposure of Information Through Directory Listing

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References