Platform: linux
Component: oliver-library-server
Fixed in: 8.00.008.053
CVE-2021-47755 describes an arbitrary file access vulnerability discovered in Oliver Library Server. This flaw allows unauthenticated attackers to retrieve sensitive files from the server's filesystem by exploiting an issue in the FileServlet endpoint. Versions 5.0.0 through 8.00.008.052 are affected. A patch is available in version 8.00.008.053.
Successful exploitation of CVE-2021-47755 allows an attacker to bypass authentication and directly access any file the server has read permissions for. This could include configuration files containing database credentials, source code, or other sensitive data. The potential impact is significant, as an attacker could gain a deep understanding of the system's architecture and potentially escalate their access to compromise the entire network. The lack of authentication required for exploitation significantly broadens the attack surface, making it a high-priority concern for organizations running Oliver Library Server.
CVE-2021-47755 was publicly disclosed on January 15, 2026. There is currently no indication of active exploitation in the wild, and it is not listed on the CISA KEV catalog. Public proof-of-concept code is not widely available, but the vulnerability's simplicity suggests it could be easily exploited.
Exploit Status
EPSS: 0.06% (18th percentile)
The primary mitigation for CVE-2021-47755 is to upgrade Oliver Library Server to version 8.00.008.053 or later, which contains the fix. If an immediate upgrade is not possible, consider implementing a Web Application Firewall (WAF) rule to block requests containing suspicious 'fileName' parameters. Specifically, look for requests with unusual characters or paths that attempt to access files outside of expected directories. Additionally, review file system permissions to ensure that sensitive files are not readable by the web server user. After upgrading, confirm the fix by attempting to access a known sensitive file via the FileServlet endpoint; access should be denied.
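One way to apply the "suspicious 'fileName'" check to access logs you already have, as an added example (not vendor code and not part of the original advisory): it flags FileServlet requests whose fileName decodes to an absolute path, a parent-directory segment or a directory separator. The combined log format, the URL path in the constructed sample lines and the premise that legitimate values are bare file names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request part of a combined-format access log line.
REQ = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def filename_reason(raw):
    """Return why a fileName value looks unsafe, or None for a bare file name."""
    name = decode_fully(raw).replace("\\", "/")
    if any(ord(c) < 0x20 for c in name):
        return "control character"
    if name.startswith("/") or re.match(r"[A-Za-z]:", name):
        return "absolute path"
    if ".." in name.split("/"):
        return "parent-directory segment"
    if "/" in name:  # assumption: legitimate values are bare file names
        return "directory separator"
    return None

def scan(lines):
    """Return (ip, status, reason, fileName) for FileServlet requests to review."""
    hits = []
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue
        url = urlsplit(m["url"])
        if "fileservlet" not in url.path.lower():
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("fileName", []):
            reason = filename_reason(raw)
            if reason:
                hits.append((m["ip"], int(m["status"]), reason, raw))
    return hits

SAMPLE = [  # constructed log lines; the URL path before the query is an assumption
    '203.0.113.7 - - [15/Jan/2026:10:00:01 +0000] "GET /FileServlet?fileName=cover_1234.jpg HTTP/1.1" 200 5120',
    '203.0.113.9 - - [15/Jan/2026:10:00:05 +0000] "GET /FileServlet?fileName=..%2F..%2Fconf%2Fapp.properties HTTP/1.1" 200 812',
    '203.0.113.9 - - [15/Jan/2026:10:00:06 +0000] "GET /FileServlet?fileName=%252e%252e%252fconf%252fapp.properties HTTP/1.1" 200 812',
    '198.51.100.4 - - [15/Jan/2026:10:00:09 +0000] "GET /FileServlet?fileName=%2Fetc%2Fhostname HTTP/1.1" 403 0',
]
```

A flagged request that returned 200 on a version before 8.00.008.053 is worth treating as a possible file disclosure; the same request returning an error after the upgrade is the confirmation the paragraph above describes.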
Update Oliver Library Server to version 8.00.008.053 or higher to mitigate the arbitrary file download vulnerability. Ensure you apply the latest security updates provided by Softlink Education to maintain system security.
CVE-2021-47755 is a vulnerability allowing unauthenticated attackers to download arbitrary files from an Oliver Library Server instance by manipulating the 'fileName' parameter. It has a CVSS score of 7.5 (HIGH).
You are affected if you are running Oliver Library Server versions 5.0.0 through 8.00.008.052. Check your version and upgrade if necessary.
Upgrade to version 8.00.008.053 or later. As a temporary workaround, implement a WAF rule to block suspicious 'fileName' parameters.
There is currently no evidence of active exploitation in the wild, but the vulnerability's simplicity makes it a potential target.
Refer to the vendor's security advisory for detailed information and updates: [https://www.oliver-ideas.com/security-advisories/](https://www.oliver-ideas.com/security-advisories/)