How severe is CVE-2021-27471?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2021-27471?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2021-27471

HIGH Year: 2021

CVSS v3 Score

8.6

High

CVSS v2 Score

6.8

Medium

Weakness Type

CWE-22

View all →

Vulnerability Description

The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the Connected Components Workbench software. User interaction is required for this exploit to be successful.

CVE-2014-9356

HIGH

CVSS:8.6(High)

Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or ...

CWE-222014

CVE-2015-4694

HIGH

CVSS:8.6(High)

Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the za_file parameter.

CWE-222015

CVE-2015-4988

HIGH

CVSS:8.6(High)

Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9....

CWE-222015

CVE-2015-7907

HIGH

CVSS:8.6(High)

Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and wri...

CWE-222015

CVE-2016-1525

HIGH

CVSS:8.6(High)

Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the r...

CWE-222016

CVE-2016-5803

HIGH

CVSS:8.6(High)

An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be with...

CWE-222016

CVE-2021-27471

Vulnerability Description

Related Vulnerabilities

CVE-2014-9356

CVE-2015-4694

CVE-2015-4988

CVE-2015-7907

CVE-2016-1525

CVE-2016-5803