CVE-2021-4463

Sažetak

Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the intended directory.

Reference

https://cxsecurity.com/issue/WLB-2021070173
https://exchange.xforce.ibmcloud.com/vulnerabilities/206477
https://packetstormsecurity.com/files/163702
https://web.archive.org/web/20220527162453/http://www.ljkj2012.com/
https://www.exploit-db.com/exploits/50163
https://www.vulncheck.com/advisories/longjing-technology-bems-api-remote-arbitrary-file-download
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5657.php

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

14-11-2025 - 16:42

Objavljeno

12-11-2025 - 22:15