Security readout for executives and security teams
Plain-English summary
CVE-2021-32017 lets a low-privileged remote user list the server filesystem through a JUMP SOAP endpoint. That can reveal directory and file names across the server, supporting later compromise planning. The supplied sources do not show active exploitation or a named patch.
Executive priority
Treat as urgent for any reachable JUMP AMS deployment. Even without confirmed exploitation, broad filesystem visibility can materially aid intrusion planning and indicates weak server-side authorization around a privileged interface.
Technical view
JUMP AMS 3.6.0.04.009-2487 exposed a SOAP endpoint that permitted remote filesystem content listing. CVSS 3.1 is 9.9 critical with network access, low complexity, low privileges, no user interaction, changed scope, and high confidentiality, integrity, and availability impact.
Likely exposure
Exposure is most likely where JUMP AMS 3.6.0.04.009-2487 is deployed and the affected SOAP endpoint is reachable by authenticated low-privileged users over the network.
Exploitation context
The source bundle describes filesystem enumeration capability only. CISA KEV is false, and no supplied source confirms active exploitation, public exploit use, or weaponized details.
Researcher notes
Evidence is limited to the CVE description and two advisories. Affected vendor/product metadata is sparse in the bundle, so confirm exact product ownership, deployment architecture, and vendor remediation before making implementation decisions.
Mitigation direction
- Inventory JUMP AMS deployments and identify version 3.6.0.04.009-2487.
- Review Thales and Excellium guidance for supported fixes or workarounds.
- Restrict SOAP endpoint access to required trusted networks and users.
- Monitor vendor channels for remediation instructions if no fix is deployed.
- Prioritize remediation for internet-facing or broadly reachable instances.
Validation and detection
- Confirm whether JUMP AMS 3.6.0.04.009-2487 exists in asset inventory.
- Map network reachability to the JUMP SOAP endpoint from user segments.
- Review logs for unusual SOAP requests or filesystem enumeration patterns.
- Verify access controls limit low-privileged users from sensitive service functions.
- Document whether a vendor-approved fix or workaround has been applied.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CVE-2021-32017 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Critical
- CVSS
- 9.9 (3.1)
- Known Exploited
- No
- Published
Vector: CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS vector scores
1 official scoreWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N3.16Primary CVE scoreVulnerability scoring details
Base CVSS 3.1 score
9.9CriticalVector: CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N
Source materials
- CVE List V5 sourceCVE List V5
- https://excellium-services.com/cert-xlm-advisory/cve-2021-32017/CVE reference
- https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-32017CVE reference
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
