Cyber Resilience

CVE-2021-47755

High · Public PoC

Published: 15 January 2026

Modified: 26 January 2026
CVSS v4 Score: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0075 (50.3th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2021-47755 is a high-severity Path Traversal (CWE-22) vulnerability in Softlinkint Oliver V5 Library. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks in the top 49.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

Oliver Library Server v5 is affected by CVE-2021-47755, a file download vulnerability arising from unsanitized input in the FileServlet endpoint. This CWE-22 (path traversal) flaw enables attackers to manipulate the 'fileName' parameter to access arbitrary system files on the server's filesystem. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), highlighting its high confidentiality impact.

Unauthenticated remote attackers can exploit this issue with low attack complexity and no user interaction or privileges required. By crafting malicious requests to the FileServlet, they can download sensitive system files, potentially exposing configuration data, credentials, or other critical information without impacting integrity or availability.

References point to a proof-of-concept exploit on Exploit-DB (ID 50599) and the vendor product page for Oliver Library Server at Softlink International. No specific mitigation or patch guidance is detailed in these sources.

Vulnerability details

Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. Attackers can exploit the vulnerability by manipulating the 'fileName' parameter to download sensitive files from the server's filesystem.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1552.001 Credentials In Files (Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

Why these techniques?

Path traversal in public-facing FileServlet enables remote arbitrary file read (T1005) exposing credentials/configs (T1552.001) via exploitation of the web app (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2020-36939 (shared CWE-22)
CVE-2026-26217 (shared CWE-22)
CVE-2026-27305 (shared CWE-22)
CVE-2022-50992 (shared CWE-22)
CVE-2026-30952 (shared CWE-22)
CVE-2026-32847 (shared CWE-22)
CVE-2026-6227 (shared CWE-22)
CVE-2026-30976 (shared CWE-22)
CVE-2025-10897 (shared CWE-22)
CVE-2026-30403 (shared CWE-22)

Affected Assets

softlinkint · oliver v5 library · ≤ 8.00.008.053

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly validates unsanitized inputs like the 'fileName' parameter in FileServlet to prevent path traversal and arbitrary file access.

Prevent: Enforces approved authorizations to block unauthenticated access to arbitrary system files via the vulnerable endpoint.

Prevent: Filters outputs from file download requests to restrict transmission of sensitive system file contents.
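
One way to implement the input-validation control above for a download parameter such as 'fileName', shown as an added example (not code from Oliver Library Server or from the referenced sources). The class, method and exception names are hypothetical, and the directory tree in `main` is constructed for the demonstration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

// Hypothetical helper: maps an untrusted file name onto a fixed download root.
public class SafeDownloadResolver {
    static class RejectedFileName extends Exception {
        RejectedFileName(String reason) { super(reason); }
    }
    // Returns the real path of the file inside baseDir, or throws if the name would leave it.
    static Path resolve(Path baseDir, String fileName) throws RejectedFileName, IOException {
        if (fileName == null || fileName.isEmpty() || fileName.indexOf('\0') >= 0) {
            throw new RejectedFileName("empty or malformed name");
        }
        Path base = baseDir.toRealPath();                    // canonical root, symlinks resolved
        Path candidate;
        try {
            candidate = base.resolve(fileName).normalize();  // collapses "." and ".." segments
        } catch (InvalidPathException e) {
            throw new RejectedFileName("not a valid path");
        }
        if (!candidate.startsWith(base)) {                   // element-wise check; absolute names fail here
            throw new RejectedFileName("outside download root");
        }
        if (!Files.isRegularFile(candidate)) {
            throw new RejectedFileName("no such file");
        }
        Path real = candidate.toRealPath();                  // follow symlinks, then check again
        if (!real.startsWith(base)) {
            throw new RejectedFileName("symlink leaves download root");
        }
        return real;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample tree: <tmp>/root/report.pdf (servable) and <tmp>/secret.conf (not).
        Path tmp = Files.createTempDirectory("dl-demo");
        Path root = Files.createDirectory(tmp.resolve("root"));
        Files.writeString(root.resolve("report.pdf"), "ok");
        Files.writeString(tmp.resolve("secret.conf"), "password=example");
        String[] names = { "report.pdf", "../secret.conf", tmp.resolve("secret.conf").toString(), "missing.txt" };
        for (String name : names) {
            try {
                System.out.println("ALLOW " + resolve(root, name));
            } catch (RejectedFileName e) {
                System.out.println("DENY  " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only `report.pdf` is allowed; the relative escape, the absolute path and the missing file are each denied. `Path.startsWith` compares whole path elements, so a sibling directory whose name merely begins with the root's name does not pass.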
