2 matches found
CVE-2021-47724
STVS ProVision 5.9.10 is affected by a path traversal vulnerability in the archive download endpoint (/archive/download) that can be exploited by an authenticated attacker via the files parameter to read arbitrary files (e.g., /etc/passwd). Root cause: directory traversal in archive.rb implementa...
CVE-2021-47723
CVE-2021-47723 affects STVS ProVision 5.9.10 and is a Cross-Site Request Forgery vulnerability where unvalidated HTTP requests allow an attacker to perform actions with admin privileges (e.g., create new admin users). The Red Hat and EUVD entries mirror this description. No exploitation details a...