Security Advisory
AB-2021-001

Published 7 May 2021
Version 1.0.0
Severity Medium
CVSS Score 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVE CVE-2021-33408 (https://nvd.nist.gov/vuln/detail/CVE-2021-33408)

Affected Products

Control>Center
Versions 4.0.3.0, 4.0.2.5, and earlier

Overview

Local File Inclusion (LFI) vulnerability in Control>Center.

Description

An authorized and authenticated Control>Center user can exploit the log file API to read other types of files on the run host.

Impact

Files with sufficiently open file permissions can be read by an authorized and authenticated Control>Center user.

Solution

If you are using an affected version of Control>Center, we recommend that you upgrade to Version 4.0.2.6 or Version 4.0.3.1, or later.

Credits

Ab Initio thanks Gianluca Palma of Engineering Ingegneria Informatica S.p.A. for responsibly reporting the identified issue and working with us as we addressed it.