CVE-2021-32016 – This vulnerability in JUMP AMS allows attackers... (How to Fix)

Q: What is the severity of CVE-2021-32016?

CVE-2021-32016 has a CVSS score of 9.9 (CRITICAL). This vulnerability in JUMP AMS allows attackers to write arbitrary files to any location on the filesystem via directory traversal in a SOAP endpoint. This can lead to remote code execution, affecting all systems running vulnerable versions of JUMP AMS.

📋 TL;DR

This vulnerability in JUMP AMS allows attackers to write arbitrary files to any location on the filesystem via directory traversal in a SOAP endpoint. This can lead to remote code execution, affecting all systems running vulnerable versions of JUMP AMS.

💻 Affected Systems

Products:

JUMP AMS

Versions: 3.6.0.04.009-2487

Operating Systems: All platforms running JUMP AMS

Default Config Vulnerable: ⚠️ Yes

Notes: All deployments of the affected version are vulnerable by default.

📦 What is this software?

Asset Management by Jump Technology

View all CVEs affecting Asset Management →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise through remote code execution, allowing attackers to execute arbitrary commands, steal data, or deploy ransomware.

🟠

Likely Case

Remote code execution leading to unauthorized access, data exfiltration, or lateral movement within the network.

🟢

If Mitigated

File writes limited to non-critical locations with minimal impact if proper file permissions and network segmentation are in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Directory traversal vulnerabilities are typically easy to exploit once discovered.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version 3.6.0.04.009-2488 or later

Vendor Advisory: https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-32016

Restart Required: Yes

Instructions:

1. Download the latest patch from Thales support portal. 2. Backup current installation. 3. Apply the patch following vendor instructions. 4. Restart the JUMP AMS service.

🔧 Temporary Workarounds

Restrict SOAP endpoint access

linux

Block external access to the vulnerable SOAP endpoint using network controls

iptables -A INPUT -p tcp --dport [SOAP_PORT] -j DROP

Implement WAF rules

all

Add rules to detect and block directory traversal patterns in SOAP requests

🧯 If You Can't Patch

Isolate JUMP AMS systems in a restricted network segment with no internet access
Implement strict file system permissions to limit write access for the JUMP AMS service account

🔍 How to Verify

Check if Vulnerable:

Check JUMP AMS version in administration console or configuration files

Check Version:

Check JUMP AMS web interface or consult system documentation for version command

Verify Fix Applied:

Verify version is 3.6.0.04.009-2488 or later and test SOAP endpoint for directory traversal

📡 Detection & Monitoring

Log Indicators:

Unusual file write operations in system logs
SOAP requests containing '../' patterns
Failed authentication attempts on SOAP endpoints

Network Indicators:

Unusual traffic to SOAP endpoints from unexpected sources
POST requests with file path traversal patterns

SIEM Query:

source="JUMP_AMS" AND (uri="*../*" OR method="POST" AND uri="*/soap/*")

📊 Metadata

CVE ID: CVE-2021-32016

CVSS v3 Score: 9.9 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-22

Published: August 3, 2021

Last Updated: May 30, 2025

🔗 References

https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-32016
https://excellium-services.com/cert-xlm-advisory/cve-2021-32016/ Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/cve-2021-32016/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-32016, you might also want to check these: