Security Advisory

CVE-2021-32981

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-04-04 19:45:50
Last updated 2025-04-16 17:56:47
Assigner icscert
State PUBLISHED

Description

AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.