High severityNVD Advisory· Published Nov 12, 2025· Updated Apr 15, 2026
CVE-2021-4463
CVE-2021-4463
Description
Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the intended directory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <=1.21
Patches
Vulnerability mechanics
References
7- cxsecurity.com/issue/WLB-2021070173nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/206477nvd
- packetstormsecurity.com/files/163702nvd
- web.archive.org/web/20220527162453/http://www.ljkj2012.com/nvd
- www.exploit-db.com/exploits/50163nvd
- www.vulncheck.com/advisories/longjing-technology-bems-api-remote-arbitrary-file-downloadnvd
- www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5657.phpnvd
News mentions
0No linked articles in our index yet.