High severityNVD Advisory· Published Nov 12, 2025· Updated Apr 15, 2026

CVE-2021-4463

Description

Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the intended directory.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cxsecurity.com/issue/WLB-2021070173nvd
exchange.xforce.ibmcloud.com/vulnerabilities/206477nvd
packetstormsecurity.com/files/163702nvd
web.archive.org/web/20220527162453/http://www.ljkj2012.com/nvd
www.exploit-db.com/exploits/50163nvd
www.vulncheck.com/advisories/longjing-technology-bems-api-remote-arbitrary-file-downloadnvd
www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5657.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000