GCVE - cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling

Approved changes feed: RSS · Atom

cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:10.0.0:*:*:*:*:*:*:*

part: a version: 10.0.0 update: *

Vendor	Riverbed (`0bb0e062-ce66-501f-9d84-f308f1a9c42b`)
Product	Steelcentral Appinternals Dynamic Sampling Agent (`de717153-36ec-53f4-b325-9b4ef5b7323b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-42857`	vulnerable	2026-06-08 05:35:22.998389	Directory Traversal Partial Write at AgentDaServlet MEDIUM (5.3) It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/da/pcf" API. The affected endpoint does not have any validation of the user's input that allows a malicious payload to be injected. Published: 2022-03-09T16:51:44.553Z Updated: 2024-09-16T21:57:35.235Z Open on db.gcve.eu Reference links https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Partial-Write-at-AgentDaServlet-CVE-2021-42857	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-42856`	vulnerable	2026-06-08 05:35:22.997856	Reflected Cross-site Scripting at DsaDataTest MEDIUM (4.7) It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability. Published: 2022-03-09T16:51:56.184Z Updated: 2024-09-17T04:18:57.454Z Open on db.gcve.eu Reference links https://aternity.force.com/customersuccess/s/article/Reflected-Cross-site-Scripting-at-DsaDataTest-CVE-2021-42856	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-42855`	vulnerable	2026-06-08 05:35:22.997441	Local privilege escalation due to misconfigured write permission on .debug_command.config file HIGH (7.8) It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map the corresponding ID to a command to be executed. Published: 2022-03-09T16:51:38.176Z Updated: 2024-09-17T02:36:31.306Z Open on db.gcve.eu Reference links https://aternity.force.com/customersuccess/s/article/Local-privilege-escalation-due-to-misconfigured-write-permission-on-debug-command-config-file-CVE-2021-42855	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-42854`	vulnerable	2026-06-08 05:35:22.997013	Directory Traversal Read/Write/Delete at PluginServlet CRITICAL (9.8) It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/plugin/pmx" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected. Published: 2022-03-09T16:52:02.819Z Updated: 2024-09-16T17:54:38.635Z Open on db.gcve.eu Reference links https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Read-Write-Delete-at-PluginServlet-CVE-2021-42854	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-42853`	vulnerable	2026-06-08 05:35:22.996584	Directory Traversal Delete/Read at AgentDiagnosticServlet CRITICAL (9.1) It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDiagnosticServlet has directory traversal vulnerability at the "/api/appInternals/1.0/agent/diagnostic/logs" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected. Published: 2022-03-09T16:51:28.521Z Updated: 2024-09-16T17:09:18.135Z Open on db.gcve.eu Reference links https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Delete-Read-at-AgentDiagnosticServlet-CVE-2021-42853	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-42787`	vulnerable	2026-06-08 05:35:22.944398	Directory Traversal Write/Delete/Partial Read at AgentConfigurationServlet CRITICAL (9.4) It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected. Published: 2022-03-09T16:51:50.594Z Updated: 2024-09-16T22:35:02.277Z Open on db.gcve.eu Reference links https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Write-Delete-Partial-Read-at-AgentConfigurationServlet-CVE-2021-42787	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-42786`	vulnerable	2026-06-08 05:35:22.943722	Remote Code Execution at AgentControllerServlet CRITICAL (9.8) It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed a malicious payload to be injected. Published: 2022-03-09T16:51:32.667Z Updated: 2024-09-17T04:10:02.066Z Open on db.gcve.eu Reference links https://aternity.force.com/customersuccess/s/article/Remote-Code-Execution-at-AgentControllerServlet-CVE-2021-42786	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Riverbed Steelcentral Appinternals Dynamic Sampling Agent 10.0.0

PURL mappings

Vulnerability references

Contribute