CVE-2021-32093

CVE-2021-32093

EPSS 1.0%

The ConfigFileAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to read arbitrary files via the ConfigName parameter.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover