CVE-2021-32016

CRITICAL

9.9

CVSS 3.1

Description

An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the writing of arbitrary files to a user-controlled location on the remote filesystem (with user-controlled content) via directory traversal, potentially leading to remote code and command execution.

Metadata

CVE ID: CVE-2021-32016
State: PUBLISHED
Assigner: mitre
Reserved: 2021-05-03 00:00 UTC
Published: 2021-08-03 17:55 UTC
Last updated: 2025-05-30 16:01 UTC
Vendor / Product: n/a / n/a
Sources: cve.org · NVD

Severity & Metrics

9.9 CRITICAL CVSS 3.1

CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N

Affected products (1)

Vendor	Product	Platform	Versions
n/a	n/a	—	n/a

Weakness (CWE)

CWE	Source	Description
—	cna	n/a

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.9	CRITICAL	3.1	cna	CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N

References (2)

https://excellium-services.com/cert-xlm-advisory/cve-2021-32016/
https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-32016

Back to overview