CVE-2021-33558
65Vexday Risk Score
Patch now. It exploitation observed by VulnCheck and has a working public exploit.
ssvc Actepss 10%
from disclosure to weapon0 days
Published on NVDMay 27
1st PoCMay 25
VulnCheck+628d
exploitation probability
10%top 5% of all CVEs
observed exploitation
yesVulnCheck
2 public exploit(s)
Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not part of Boa.
Affected products
n/a · n/apublic PoCs found — 2
vulncheckvulncheck.com/xdb/82acc22e50faunverifiedvulncheckvulncheck.com/xdb/782bd8f38658unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.