CVE-2021-45967

Description

An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.

How to fix CVE-2021-45967

To remediate CVE-2021-45967, upgrade the affected package to a fixed version below.

Bitnami/openfire—upgrade to 4.5.0 or later

Is CVE-2021-45967 being exploited?

Likely — EPSS is 92.6%, placing CVE-2021-45967 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (1)

from 0, < 4.5.0 | >= 4.5.0, <= 4.5.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (4)

WEBkerbit.io/research/read/blog/4
WEBtutorialboy24.blogspot.com/2022/03/the-story-of-3-bugs-that-lead-to.html
WEBwww.pascom.net/doc/en/release-notes/
WEBwww.pascom.net/doc/en/release-notes/pascom19/