← back
CVE-2021-28485

CVE-2021-28485

EPSS 0.5%
In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not intended to be accessible via the web application.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.ericsson.com/en/about-us/security/psirthttps://www.gruppotim.it/it/footer/red-team.html