CVE-2021-47755

High ⚡ Exploit Available
Weakness Type: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal')
Published: Jan 15, 2026  ·  Modified: Feb 28, 2026  ·  Source: NVD
CVSS v3.1 base score: 7.5 (High)
📄 Description (English)

Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. Attackers can exploit the vulnerability by manipulating the 'fileName' parameter to download sensitive files from the server's filesystem.

🤖 AI Executive Summary

CVE-2021-47755 is a high-severity path traversal vulnerability (CWE-22, CVSS 3.1 base score 7.5) in Oliver Library Server v5 that allows unauthenticated, remote attackers to download arbitrary files readable by the server process. The flaw lies in unsanitized 'fileName' input to the FileServlet endpoint, which exposes sensitive system and application files. Because a public exploit is available and neither authentication nor user interaction is required, this poses an immediate risk to organizations running this library management system.

🤖 AI Intelligence Analysis (analyzed: May 1, 2026 11:01)
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi government entities, universities, and public institutions that utilize Oliver Library Server v5 for document and resource management. At-risk sectors include: Ministry of Education institutions and universities (King Saud University, KAUST, etc.), National Library of Saudi Arabia, government archives, and healthcare institutions maintaining medical records. The vulnerability enables unauthorized access to confidential government documents, research data, student records, and sensitive administrative files. Organizations under NCA and SAMA oversight face compliance violations if sensitive financial or regulatory data is exposed.
🏢 Affected Saudi Sectors
Government Education Healthcare Public Administration Archives and Records Management Research Institutions
⚖️ Saudi Risk Score (AI): 8.2 / 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all instances of Oliver Library Server v5 in your environment, using the asset inventory and network scanning for the FileServlet endpoint on the application's HTTP/HTTPS ports
2. Implement network-level access controls so that the FileServlet endpoint is reachable only from authorized networks or users
3. Require authentication for all file download operations; the vulnerability is exploitable without credentials (PR:N in the CVSS vector)
4. Review web server and application logs for 'fileName' parameter values containing traversal sequences, including URL-encoded (%2e%2e%2f) and double-encoded (%252e%252e%252f) forms

PATCHING:
1. Upgrade Oliver Library Server to version 5.1 or later immediately, confirming the fixed version against Softlink International's release notes
2. Apply vendor security patches from Softlink International
3. Test patches in a non-production environment before deployment

COMPENSATING CONTROLS (if immediate patching is unavailable):
1. Implement Web Application Firewall (WAF) rules to block path traversal patterns (../ and ..\ sequences, their URL-encoded and double-encoded forms, and absolute paths); treat this as a stopgap, since signature matching is bypassed by any encoding the rule does not cover
2. Restrict FileServlet to authenticated users via reverse proxy authentication
3. Enforce input validation on the fileName parameter: decode it, resolve it to a canonical path, and serve the file only if the resolved path lies inside the intended download directory (an allowlist of permitted files is stronger still); rejecting individual special characters is not sufficient on its own
4. Deploy file integrity monitoring on sensitive directories

DETECTION:
1. Monitor for HTTP requests to FileServlet whose fileName parameter contains '../' or '..\' in literal, URL-encoded or double-encoded form, or that begins with an absolute path
2. Alert on FileServlet access from unauthenticated sessions
3. Track downloads of system and application files (passwd, shadow, and servlet or application configuration such as web.xml and .properties files)
4. Log all file access attempts with source IP, requested file path and response status, so that successful (HTTP 200) traversal attempts can be distinguished from blocked ones
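The compensating-control and detection steps above come down to two operations: deciding whether a requested fileName may be served, and recognising traversal attempts in access logs. The following Python is an added example written for this page; it is not code from Oliver Library Server, Softlink International or the advisory, and the servlet's real parameter handling is not shown here. The download root, the FileServlet URL path, the sensitive-file list and the access-log lines are all constructed assumptions. The check decodes and canonicalises the name and then tests containment in the download directory, which also covers the URL-encoded, double-encoded, backslash and absolute-path variants that a literal '../' filter misses; the detector applies the same decoding to the constructed combined-format log lines and reports whether the hardened check would have refused each request.

```python
"""Added example for this page (not Oliver Library Server / Softlink code).

is_safe_filename(): containment check a download endpoint should apply to a
user-supplied file name before opening it.
scan_log(): detector for traversal attempts against a FileServlet-style
endpoint, run over access-log lines.
DOWNLOAD_ROOT, ENDPOINT, SENSITIVE_FILES and SAMPLE_LOG are constructed
assumptions for illustration.
"""
import posixpath
import re
import urllib.parse

DOWNLOAD_ROOT = "/opt/oliver/public"   # assumed legitimate download directory
ENDPOINT = "/FileServlet"              # assumed URL path of the endpoint
# Names that should never be requested through a document-download endpoint.
SENSITIVE_FILES = ("passwd", "shadow", "web.xml", "server.xml", ".properties", ".env")

# Constructed combined-format access log; 203.0.113.0/24 and 198.51.100.0/24
# are documentation address ranges.
SAMPLE_LOG = """\
203.0.113.10 - - [01/May/2026:10:12:01 +0300] "GET /oliver/FileServlet?fileName=catalog/report.pdf HTTP/1.1" 200 48213
203.0.113.55 - - [01/May/2026:10:12:07 +0300] "GET /oliver/FileServlet?fileName=../../../../etc/passwd HTTP/1.1" 200 2314
203.0.113.55 - - [01/May/2026:10:12:09 +0300] "GET /oliver/FileServlet?fileName=%2e%2e%2f%2e%2e%2fWEB-INF%2fweb.xml HTTP/1.1" 200 5120
203.0.113.55 - - [01/May/2026:10:12:11 +0300] "GET /oliver/FileServlet?fileName=..%252f..%252fconf%252fserver.xml HTTP/1.1" 404 -
198.51.100.7 - - [01/May/2026:10:13:00 +0300] "GET /oliver/index.html HTTP/1.1" 200 1024
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)
# '..' as a complete path segment with either separator, anywhere in the name.
TRAVERSAL_RE = re.compile(r'(^|[/\\])\.\.([/\\]|$)')


def decode_param(value: str) -> str:
    """Percent-decode until stable so double encoding (%252e -> %2e -> .) collapses."""
    for _ in range(3):
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_safe_filename(root: str, raw_name: str) -> bool:
    """True only if raw_name, once decoded, resolves strictly inside root.

    A containment check on the canonical path rather than a '../' blacklist:
    encoded sequences, backslashes, NUL bytes and absolute paths are all
    rejected. The check is lexical (posixpath.normpath); on a live host also
    resolve symlinks with pathlib.Path.resolve() against the real directory.
    """
    name = decode_param(raw_name)
    if not name or "\x00" in name or "\\" in name or name.startswith("/"):
        return False
    root = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root, name))
    return candidate.startswith(root + "/")


def analyze_request(line: str):
    """Parse one access-log line; return a finding for endpoint requests, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urllib.parse.urlsplit(m.group("path"))
    if not url.path.endswith(ENDPOINT):
        return None
    # parse_qs decodes one layer; decode_param uncovers any deeper layers.
    raw = urllib.parse.parse_qs(url.query, keep_blank_values=True).get("fileName", [""])[0]
    name = decode_param(raw)
    flags = []
    if TRAVERSAL_RE.search(name) or name.startswith("/"):
        flags.append("traversal")
    if name != raw:
        flags.append("double_encoded")
    if any(s in name.lower() for s in SENSITIVE_FILES):
        flags.append("sensitive_file")
    return {
        "ip": m.group("ip"),
        "timestamp": m.group("ts"),
        "fileName": name,
        "status": m.group("status"),
        "flags": flags,
        "passes_hardened_check": is_safe_filename(DOWNLOAD_ROOT, raw),
    }


def scan_log(lines):
    """Return findings for every endpoint request that raised at least one flag."""
    return [f for f in map(analyze_request, lines) if f and f["flags"]]


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG.splitlines()):
        served = "SERVED" if f["status"] == "200" else "blocked/missing"
        print(f"{f['ip']} {f['timestamp']} fileName={f['fileName']!r} "
              f"flags={','.join(f['flags'])} -> {served}")
```

Running the file prints one line per flagged request, with the HTTP status showing which traversal attempts the server actually served. On a real host, feed scan_log from the web server or application access log instead of the embedded sample, and back the lexical normpath check with Path.resolve() so symlinks inside the download directory cannot point outside it.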
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
- A.5.1.1 - Information security policies and procedures
- A.6.1.1 - Access control policy
- A.6.2.1 - User registration and access rights management
- A.8.2.1 - Classification of information
- A.8.2.3 - Handling of assets
- A.12.4.1 - Event logging
- A.12.4.3 - Protection of log information
🔵 SAMA CSF (given as NIST CSF v1.1 subcategory identifiers)
- ID.AM-2 - Software platforms and applications are inventoried
- PR.AC-1 - Identities and credentials are issued and managed
- PR.AC-4 - Access rights are managed
- DE.CM-1 - The network is monitored for unauthorized connections
- DE.CM-3 - Personnel activity is monitored
- RS.MI-2 - Incidents are mitigated
🟡 ISO 27001:2022
- A.5.1 - Management direction for information security
- A.6.1 - Organizational controls
- A.6.2 - Mobile device and teleworking
- A.8.1 - Asset management
- A.8.2 - Classification of information
- A.8.3 - Media handling
- A.12.4 - Logging
- A.13.1 - Network security
Note: the control numbers and titles under ISO 27001:2022 follow the ISO/IEC 27001:2013 Annex A numbering (A.6.2 Mobile devices and teleworking, A.12.4 Logging and monitoring, A.13.1 Network security management); in the 2022 revision these controls were renumbered, for example logging is control 8.15 and networks security is control 8.20.
📦 Affected Products / CPE (1 entry)
softlinkint:oliver_v5_library
📊 CVSS Score
7.5 / 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: N — Network (exploitable remotely)
Attack Complexity: L — Low (no special conditions required)
Privileges Required: N — None (no authentication needed)
User Interaction: N — None
Scope: U — Unchanged
Confidentiality: H — High (arbitrary file read)
Integrity: N — None
Availability: N — None
📋 Quick Facts
Severity: High
CVSS Score: 7.5
CWE: CWE-22
EPSS: 0.06%
Exploit: ✓ Yes
Patch: ✓ Yes
Published: 2026-01-15
Source Feed: nvd
Priority: CRITICAL
🏷️ Tags: exploit-available, CWE-22