Platform: linux
Component: oliver-library-server
Fixed in: 8.00.008.053
CVE-2021-47755 describes an arbitrary file access vulnerability discovered in Oliver Library Server. This flaw allows unauthenticated attackers to retrieve sensitive files from the server's filesystem by exploiting an issue in the FileServlet endpoint. Versions 5.0.0 through 8.00.008.052 are affected. A patch is available in version 8.00.008.053.
Successful exploitation of CVE-2021-47755 allows an attacker to bypass authentication and directly download arbitrary files from the server. This includes configuration files, database backups, and potentially even source code, depending on the server's configuration and file permissions. The attacker's ability to access sensitive data could lead to data breaches, compromise of user credentials, and further system compromise. The lack of authentication requirements significantly broadens the attack surface, making the vulnerability particularly concerning. The potential for data exfiltration is high, and the attacker could use the obtained information for further reconnaissance or lateral movement within the network.
CVE-2021-47755 was published on 2026-01-15. There is no indication of active exploitation or inclusion in the CISA KEV catalog at this time. Public proof-of-concept exploits are not widely available, but the vulnerability's simplicity suggests that such exploits could emerge. The lack of authentication makes it relatively easy to test and exploit.
Organizations running Oliver Library Server, particularly those with publicly accessible instances or those lacking robust web application firewalls, are at risk. Shared hosting environments where multiple users share the same server instance are also particularly vulnerable, as an attacker could potentially exploit this vulnerability to access files belonging to other users.
• linux / server:
  journalctl -u oliver_library_server -g 'FileServlet' | grep -i 'fileName='
• generic web:
  curl -I 'http://<server_ip>/oliver/FileServlet?fileName=<suspicious_filename>' | grep '200 OK'
Exploit status
EPSS: 0.06% (18th percentile)
The primary mitigation for CVE-2021-47755 is to upgrade Oliver Library Server to version 8.00.008.053 or later, which contains the fix. If immediate upgrading is not possible, consider implementing a Web Application Firewall (WAF) rule to block requests containing suspicious characters or patterns in the 'fileName' parameter. Additionally, restrict file permissions on the server to limit the attacker's access to sensitive files, even if they manage to bypass the FileServlet's intended functionality. Regularly review server logs for unusual file access attempts and implement intrusion detection system (IDS) rules to alert on suspicious activity.
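As an added example of the log review recommended above (not code from this page, the vendor, or the product), the following Python scanner pulls the fileName parameter out of FileServlet requests in access-log lines, fully percent-decodes it, and flags traversal, absolute-path and null-byte values; the log format and the sample lines are constructed, and the same decoded-value check is what a WAF rule on the parameter should apply rather than matching the raw, possibly double-encoded string.

```python
import re
from urllib.parse import unquote

# Matches the fileName parameter of a FileServlet request in a log line.
FILENAME_RE = re.compile(r"FileServlet\?[^ \"]*?fileName=([^&\s\"]*)", re.IGNORECASE)

def normalize(value: str) -> str:
    """Percent-decode until stable (catches double encoding) and unify slashes."""
    prev = None
    while prev != value:
        prev, value = value, unquote(value)
    return value.replace("\\", "/")

def is_suspicious(filename: str) -> bool:
    """True if the decoded fileName is a traversal, absolute or null-byte path."""
    f = normalize(filename)
    return (
        ".." in f.split("/")                        # any '..' path segment
        or f.startswith("/")                        # absolute POSIX path
        or re.match(r"^[A-Za-z]:", f) is not None   # Windows drive letter
        or "\x00" in f                              # null byte
    )

def scan_log(lines):
    """Return (line_number, decoded fileName) for each suspicious FileServlet request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = FILENAME_RE.search(line)
        if m and is_suspicious(m.group(1)):
            hits.append((n, normalize(m.group(1))))
    return hits

# Constructed sample lines (not real server output); a common log format is assumed.
SAMPLE_LOG = [
    '10.0.0.5 - - [15/Jan/2026:10:00:01 +0000] "GET /oliver/FileServlet?fileName=report.pdf HTTP/1.1" 200 4412',
    '10.0.0.9 - - [15/Jan/2026:10:00:07 +0000] "GET /oliver/FileServlet?fileName=..%2F..%2Fconf%2Fserver.properties HTTP/1.1" 200 1811',
    '10.0.0.9 - - [15/Jan/2026:10:00:09 +0000] "GET /oliver/FileServlet?fileName=%252e%252e/conf/db.xml HTTP/1.1" 200 900',
    '10.0.0.5 - - [15/Jan/2026:10:00:12 +0000] "GET /oliver/index.html HTTP/1.1" 200 230',
]

if __name__ == "__main__":
    for n, f in scan_log(SAMPLE_LOG):
        print(f"line {n}: suspicious fileName={f!r}")
```

Adapt FILENAME_RE to the real server's log format; only the decoded value, not the raw query string, should drive the decision.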
Update Oliver Library Server to version 8.00.008.053 or later to mitigate the arbitrary file download vulnerability. Make sure to apply the latest security updates provided by Softlink Education to keep the system secure.
CVE-2021-47755 is a vulnerability allowing unauthenticated attackers to download arbitrary files from an Oliver Library Server instance by manipulating the 'fileName' parameter. It has a CVSS score of 7.5 (HIGH).
You are affected if you are running Oliver Library Server versions 5.0.0 through 8.00.008.052. Check your version and upgrade if necessary.
Upgrade to version 8.00.008.053 or later. As a temporary workaround, implement a WAF rule to block suspicious 'fileName' parameters.
There is currently no evidence of active exploitation in the wild, but the vulnerability's simplicity makes it a potential target.
Refer to the vendor's security advisory for detailed information and updates: [https://www.oliver-ideas.com/security-advisories/](https://www.oliver-ideas.com/security-advisories/)