CVE-2021-20022
Unrestricted Upload of Dangerous File Type — is CVE-2021-20022real, exploitable, or a false positive? Here's the community ground truth.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.
References
Published
Embed this verdict
[](https://www.truepositive.app/cve/CVE-2021-20022)<a href="https://www.truepositive.app/cve/CVE-2021-20022"><img src="https://www.truepositive.app/cve/CVE-2021-20022/badge.svg" alt="TruePositive verdict for CVE-2021-20022"></a>Live badge — updates automatically as the community verdict changes.
Community ground truth
Community verdict
2 verdictsIncludes TruePositive's curated baseline from public sources — community verdicts accrue on top.
Pick your verdict — we'll save it right after a quick sign-in.
Practitioners rate this higher than its CVSS — treat with extra caution.
Field notes & remediation
Verdicts are the quick signal — notes are the evidence and fixes behind them.
- 0
SonicWall Email Security Unrestricted Upload of File Vulnerability — SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20023 to achieve privilege escalation. Listed in the CISA KEV catalog (added 2021-11-03) — confirmed exploited in the wild, not theoretical. It is linked to known ransomware campaigns. FIRST EPSS puts the chance of exploitation in the next 30 days at ~17%. Treat it as real and prioritize remediation over triage.
- 0
Required action for SonicWall SonicWall Email Security: Apply updates per vendor instructions. CISA set a federal remediation due date of 2021-11-17. After patching, verify the vulnerable path is no longer reachable before closing the finding.
Related CVEs
Same weakness — CWE-434 · Unrestricted Upload of Dangerous File Type.
- CVE-2017-12617CVSS 8.1KEVEPSS 100%
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
- CVE-2018-15961CVSS 9.8KEVEPSS 100%
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.
- CVE-2021-31207CVSS 6.6KEVEPSS 100%
Microsoft Exchange Server Security Feature Bypass Vulnerability
- CVE-2017-12615CVSS 8.1KEVEPSS 100%
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
- CVE-2025-31324CVSS 10KEVEPSS 99%
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
- CVE-2024-50623CVSS 9.8KEVEPSS 99%
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.