Published | 7 May 2021 |
Version | 1.0.0 |
Severity | Medium |
CVSS Score | CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) |
CVE | https://nvd.nist.gov/vuln/detail/CVE-2021-33408 |
Local File Inclusion (LFI) vulnerability in Control>Center.
An authorized and authenticated Control>Center user can exploit the log file API to read other types of files on the run host.
Files with sufficiently open file permissions can be read by an authorized and authenticated Control>Center user.
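Because the impact is bounded by file permissions, the files at risk on a run host can be enumerated ahead of the upgrade. The following is an added example, not Ab Initio code: it lists regular files outside the log directory that a given account can read according to POSIX mode bits. The uid, group set, directory names and sample tree are constructed assumptions, and ACLs are not evaluated.

```python
import os
import stat
import tempfile

READ = (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)
SEARCH = (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)

def allowed(st, uid, gids, bits):
    """POSIX class selection on mode bits only (no ACLs or capabilities)."""
    if uid == 0:
        return True  # root bypasses mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & bits[0])  # owner class applies even if stricter
    if st.st_gid in gids:
        return bool(st.st_mode & bits[1])
    return bool(st.st_mode & bits[2])

def exposed_files(root, uid, gids, log_dir=None):
    """Regular files under root readable by (uid, gids), excluding log_dir."""
    skip = os.path.realpath(log_dir) if log_dir else None
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        blocked = not allowed(os.stat(dirpath), uid, gids, SEARCH)
        if blocked or os.path.realpath(dirpath) == skip:
            dirnames[:] = []  # unreachable subtree, or the legitimate log tree
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and allowed(st, uid, gids, READ):
                found.append(os.path.relpath(path, root))
    return sorted(found)

def build_sample_tree():
    """Constructed sample tree; returns (root, file_owner_uid, file_gid)."""
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    for rel, mode in (("logs/job.log", 0o644), ("conf/db.cfg", 0o644),
                      ("conf/key.pem", 0o600), ("conf/group.cfg", 0o640)):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        os.chmod(os.path.dirname(path), 0o755)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    st = os.stat(path)
    return root, st.st_uid, st.st_gid
```

To audit a real host, call `exposed_files` with the uid and group ids of the account the service runs as and the directories that hold credentials or configuration; the function assumes that account can already reach `root`.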
If you are using an affected version of Control>Center, we recommend that you upgrade to Version 4.0.2.6 or Version 4.0.3.1, or later.
Ab Initio thanks Gianluca Palma of Engineering Ingegneria Informatica S.p.A. for responsibly reporting the identified issue and working with us as we addressed it.