How severe is CVE-2021-43775?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2021-43775?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2021-43775

HIGH Year: 2021

CVSS v3 Score

8.6

High

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-22

View all →

Vulnerability Description

Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. The vulnerability issue is resolved in Aim v3.1.0.

CVE-2014-9356

HIGH

CVSS:8.6(High)

Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or ...

CWE-222014

CVE-2015-4694

HIGH

CVSS:8.6(High)

Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the za_file parameter.

CWE-222015

CVE-2015-4988

HIGH

CVSS:8.6(High)

Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9....

CWE-222015

CVE-2015-7907

HIGH

CVSS:8.6(High)

Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and wri...

CWE-222015

CVE-2016-1525

HIGH

CVSS:8.6(High)

Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the r...

CWE-222016

CVE-2016-5803

HIGH

CVSS:8.6(High)

An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be with...

CWE-222016

CVE-2021-43775

Vulnerability Description

Related Vulnerabilities

CVE-2014-9356

CVE-2015-4694

CVE-2015-4988

CVE-2015-7907

CVE-2016-1525

CVE-2016-5803