### [CVE-2021-20707](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20707)
![](https://img.shields.io/static/v1?label=Product&message=CLUSTERPRO%20X&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=CLUSTERPRO%20X%204.3%20for%20Windows%20and%20earlier%2C%20EXPRESSCLUSTER%20X%204.3%20for%20Windows%20and%20earlier%2C%20CLUSTERPRO%20X%204.3%20SingleServerSafe%20for%20Windows%20and%20earlier%2C%20EXPRESSCLUSTER%20X%204.3%20SingleServerSafe%20for%20Windows%20and%20earlier%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20input%20Validation&color=brightgreen)

### Description

Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to read files upload via network..

### POC

#### Reference
- https://jpn.nec.com/security-info/secinfo/nv21-015_en.html

#### Github
No PoCs found on GitHub currently.