CVE-2021-28485 Information

Description

In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22 the SIS web application allows relative path traversal via a specific parameter in the https request after authentication which allows access to files on the system that are not intended to be accessible via the web application.

Reference

https://www.gruppotim.it/it/footer/red-team.html https://www.ericsson.com/en/about-us/security/psirt