CVE-2021-47755

Oliver · Library Server

Oliver Library Server v5 allows unauthenticated attackers to download arbitrary system files via the FileServlet endpoint by manipulating the 'fileName' parameter.

Executive summary

A critical file download vulnerability in Oliver Library Server v5 allows unauthenticated remote attackers to access sensitive system files, posing a severe risk to data confidentiality.

Vulnerability

This is an arbitrary file download vulnerability residing in the FileServlet endpoint. It allows an unauthenticated attacker to manipulate the 'fileName' input parameter to traverse and access restricted files on the server's filesystem.

Business impact

The ability for an unauthenticated attacker to retrieve arbitrary system files could lead to the exposure of configuration files, credentials, or sensitive institutional data. Given the CVSS score of 9.8, this vulnerability represents a critical risk to the organization's data integrity and confidentiality, potentially leading to a total system compromise.

Remediation

Immediate Action: Update Oliver Library Server to the latest available version provided by the vendor to remediate the input sanitization flaw.

Proactive Monitoring: Monitor server access logs for unusual requests directed at the FileServlet endpoint, specifically looking for path traversal sequences such as "../" in the 'fileName' parameter.

Compensating Controls: Implement a Web Application Firewall (WAF) rule to block requests containing directory traversal sequences or attempts to access system-level file paths.
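As an added example that is not part of this advisory or the vendor's code, the following Python detector applies the monitoring guidance above to constructed access-log lines: it scopes to requests whose path ends in FileServlet, percent-decodes the fileName value repeatedly so that single- and double-encoded traversal sequences are caught alongside a plain "../", and folds backslashes so Windows-style separators are matched too. The log format, URL paths and parameter values are assumptions for illustration, not taken from the product.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (common log format); the paths and
# parameter values are illustrative assumptions, not captured traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2024:10:00:01 +0000] "GET /oliver/FileServlet?fileName=report.pdf HTTP/1.1" 200 4096
10.0.0.7 - - [01/Mar/2024:10:00:02 +0000] "GET /oliver/FileServlet?fileName=../../conf/settings.properties HTTP/1.1" 200 1842
10.0.0.8 - - [01/Mar/2024:10:00:03 +0000] "GET /oliver/FileServlet?fileName=..%2F..%2Fconf%2Fsettings.properties HTTP/1.1" 200 1842
10.0.0.9 - - [01/Mar/2024:10:00:04 +0000] "GET /oliver/FileServlet?fileName=%252e%252e%252fconf%252fsettings.properties HTTP/1.1" 200 1842
10.0.0.10 - - [01/Mar/2024:10:00:05 +0000] "GET /oliver/FileServlet?fileName=..%5C..%5Cconf%5Csettings.properties HTTP/1.1" 200 1842
10.0.0.3 - - [01/Mar/2024:10:00:06 +0000] "GET /oliver/search?q=../history HTTP/1.1" 200 300
"""

# Common log format: client, identd, user, [timestamp], "METHOD target PROTO", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A '..' path segment bounded by a separator or by the start/end of the value.
TRAVERSAL = re.compile(r'(^|/)\.\.(/|$)')

def normalize(value, rounds=3):
    """Percent-decode until stable (bounded) so %2e%2e%2f and %252e... become '..', then fold '\\' to '/'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace('\\', '/')

def is_traversal(file_name):
    """True if the normalised fileName value contains a '..' path segment."""
    return TRAVERSAL.search(normalize(file_name)) is not None

def find_traversal_requests(log_text, endpoint='FileServlet', param='fileName'):
    """Return one record per request to the endpoint whose parameter carries a traversal sequence."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than abort the sweep
        url = urlsplit(m['target'])
        if not url.path.endswith('/' + endpoint):
            continue  # only requests aimed at the vulnerable servlet
        # parse_qs already strips one percent-encoding layer; normalize() handles the rest.
        for raw in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if is_traversal(raw):
                hits.append({'ip': m['ip'], 'status': int(m['status']), 'fileName': normalize(raw)})
    return hits
```

A 200 status on a flagged request is the signal that the download succeeded, so those records are the ones to escalate first; a WAF rule that only matches the literal string "../" would miss the encoded variants in the sample.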

Exploitation status

Public Exploit Available: Not specified

Analyst recommendation

This vulnerability presents a high risk due to the lack of authentication required for exploitation. Administrators should prioritize patching the affected Library Server instance immediately to prevent unauthorized access to sensitive server-side files.