Vulnerabilities > CVE-2021-32093 - Missing Authorization vulnerability in NSA Emissary 5.9.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The ConfigFileAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to read arbitrary files via the ConfigName parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed
- https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed
- https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover
- https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover