Relative Path Traversal Vulnerability in Ericsson Mobile Switching Center Server (MSC-S)

Relative Path Traversal Vulnerability in Ericsson Mobile Switching Center Server (MSC-S)

CVE-2021-28485 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not intended to be accessible via the web application.

Learn more about our Web App Pen Testing.