CVE-2021-47718 - Vulnerability Details - OpenCVE

OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system information.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openbmcs	Openbmcs

No data.

No data.

References

Link	Providers
https://www.exploit-db.com/exploits/50671
https://www.openbmcs.com
https://www.vulncheck.com/advisories/openbmcs-directory-listing-information-disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5695.php

History

Wed, 10 Dec 2025 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Openbmcs Openbmcs openbmcs
Vendors & Products		Openbmcs Openbmcs openbmcs

Tue, 09 Dec 2025 21:00:00 +0000

Type	Values Removed	Values Added
Description		OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system information.
Title		OpenBMCS Directory Listing Information Disclosure
Weaknesses		CWE-548
References		https://www.exploit-db.com/exploits/50671 https://www.openbmcs.com https://www.vulncheck.com/advisories/openbmcs-directory-listing-information-disclosure https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5695.php
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-12-09T20:40:51.688Z

Updated: 2025-12-09T20:40:51.688Z

Reserved: 2025-12-05T19:10:29.047Z

Link: CVE-2021-47718

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-09T21:15:50.457

Modified: 2025-12-09T21:15:50.457

Link: CVE-2021-47718

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2021-47718", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-12-05T19:10:29.047Z", "datePublished": "2025-12-09T20:40:51.688Z", "dateUpdated": "2025-12-09T20:40:51.688Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenBMCS", "vendor": "OPEN BMCS", "versions": [{"status": "affected", "version": "2.4"}]}], "credits": [{"lang": "en", "type": "finder", "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system information.</p>"}], "value": "OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system information."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-548", "description": "CWE-548 Exposure of Information Through Directory Listing", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-12-09T20:40:51.688Z"}, "references": [{"name": "ExploitDB-50671", "tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/50671"}, {"name": "Official Product Homepage", "tags": ["product"], "url": "https://www.openbmcs.com"}, {"name": "Zero Science Lab Disclosure (ZSL-2022-5695)", "tags": ["third-party-advisory"], "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5695.php"}, {"name": "VulnCheck Advisory: OpenBMCS Directory Listing Information Disclosure", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/openbmcs-directory-listing-information-disclosure"}], "source": {"discovery": "UNKNOWN"}, "title": "OpenBMCS Directory Listing Information Disclosure", "x_generator": {"engine": "vulncheck"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system information."}], "id": "CVE-2021-47718", "lastModified": "2025-12-09T21:15:50.457", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-12-09T21:15:50.457", "references": [{"source": "[email protected]", "url": "https://www.exploit-db.com/exploits/50671"}, {"source": "[email protected]", "url": "https://www.openbmcs.com"}, {"source": "[email protected]", "url": "https://www.vulncheck.com/advisories/openbmcs-directory-listing-information-disclosure"}, {"source": "[email protected]", "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5695.php"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-548"}], "source": "[email protected]", "type": "Primary"}]}