CVE-2021-47724
BaseFortify
Publication date: 2025-12-09
Last updated on: 2026-02-13
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| stvs | provision | 5.5 |
| stvs | provision | 5.6 |
| stvs | provision | 5.7 |
| stvs | provision | 5.8.6 |
| stvs | provision | 5.9.0 |
| stvs | provision | 5.9.1 |
| stvs | provision | 5.9.10 |
| stvs | provision | 5.9.7 |
| stvs | provision | 5.9.9 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending authenticated HTTP GET requests to the /archive/download endpoint with directory traversal sequences in the "files" parameter to check if arbitrary files can be accessed. For example, a command using curl could be: curl -i -H "Authorization: Digest <credentials>" "http://<target>/archive/download?files=..%2f..%2f..%2fetc%2fpasswd". If the response contains the contents of /etc/passwd or other sensitive files, the system is vulnerable. Additionally, observing Ruby exceptions related to file access errors in logs may indicate attempted exploitation. [2, 3]
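For retrospective detection, the same indicator can be searched for in web access logs. The sketch below is an added example, not code from the vendor or from this advisory: it flags requests to /archive/download whose "files" value, after repeated percent-decoding, contains a ".." path segment or is an absolute path. The log format (combined-style, for example from a reverse proxy in front of the appliance), the sample lines, and the treatment of absolute paths as suspicious are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (combined-style format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - operator [09/Dec/2025:10:01:02 +0000] "GET /archive/download?files=cam1_20251209.avi HTTP/1.1" 200 48213
192.0.2.44 - operator [09/Dec/2025:10:03:17 +0000] "GET /archive/download?files=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1843
192.0.2.44 - operator [09/Dec/2025:10:03:40 +0000] "GET /archive/download?files=%252e%252e%252fetc%252fpasswd HTTP/1.1" 500 312
192.0.2.10 - operator [09/Dec/2025:10:05:00 +0000] "GET /live/view?files=../x HTTP/1.1" 200 100
192.0.2.51 - admin [09/Dec/2025:10:06:11 +0000] "GET /archive/download?files=/etc/shadow HTTP/1.1" 403 0
"""

# client, ident, user, [timestamp], "METHOD target PROTO", status
REQUEST_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded sequences (%252e) are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(value):
    """True if a 'files' value has a '..' segment or is absolute (assumed suspicious)."""
    path = fully_decode(value).replace("\\", "/")
    return path.startswith("/") or ".." in path.split("/")


def find_suspicious(log_text):
    """Return (client, user, status, decoded value) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, user, _method, target, status = m.groups()
        url = urlsplit(target)
        if url.path != "/archive/download":
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == "files" and is_traversal(value):
                hits.append((client, user, int(status), fully_decode(value)))
    return hits
```

Hits with a 200 status deserve priority in triage, since they indicate the file content was likely returned; the authenticated user name on the line identifies which account to review.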
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the /archive/download endpoint to only trusted and authenticated users, applying strict input validation and sanitization on the "files" parameter to prevent directory traversal sequences, and updating or patching STVS ProVision software to a version where this vulnerability is fixed. If patches are not available, consider disabling the archive download functionality temporarily to prevent exploitation. [2, 3, 4]
Can you explain this vulnerability to me?
This vulnerability is a path traversal issue in STVS ProVision 5.9.10 that allows authenticated attackers to manipulate the 'files' parameter in the archive download functionality. By sending specially crafted GET requests with directory traversal sequences to the /archive/download endpoint, attackers can access arbitrary files on the system, including sensitive files like /etc/passwd.
How can this vulnerability impact me?
The vulnerability can allow an attacker with authentication to read sensitive system files that they should not have access to. This could lead to exposure of sensitive information, potential further exploitation of the system, and compromise of system confidentiality and integrity.