CVE-2021-47723
Last modified
CVE-2021-47723 is a medium-severity vulnerability rated 6.9/10 on the CVSS scale. STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users.. EPSS estimates a 0.16% chance of exploitation in the next 30 days.
Description
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Stvs | Provision | 5.5 |
| Stvs | Provision | 5.6 |
| Stvs | Provision | 5.7 |
| Stvs | Provision | 5.8.6 |
| Stvs | Provision | 5.9.0 |
| Stvs | Provision | 5.9.1 |
| Stvs | Provision | 5.9.7 |
| Stvs | Provision | 5.9.9 |
| Stvs | Provision | 5.9.10 |
References
- http://www.stvs.chProduct
- https://www.exploit-db.com/exploits/49482Technical Description
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5625.phpThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2021-47723?
How severe is CVE-2021-47723?
How do I fix CVE-2021-47723?
Are you affected by CVE-2021-47723?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST