Directory Traversal Vulnerability in ResourceSpace by ResourceSpace LLC
CVE-2021-41950

9.1CRITICAL

Key Information:

Vendor: Montala
Status: Resourcespace
Vendor: CVE Published:; 15 November 2021

What is CVE-2021-41950?

A directory traversal vulnerability in ResourceSpace 9.6 (before revision 18277) enables remote unauthenticated attackers to exploit the system via the 'provider' and 'variant' parameters in pages/ajax/tiles.php. This flaw allows attackers to delete arbitrary files, including critical configuration and source code files, rendering the application inoperable for all users. It is essential for administrators to secure their installations and update to patched versions to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://svn.resourcespace.com/svn/rs/releases/9.6/pages/aj...

x_refsource_MISC

https://www.horizon3.ai/multiple-vulnerabilities-in-resou...

x_refsource_MISC

EPSS Score

32% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2021
Vulnerability Reserved
Oct 4, 2021

JSON

Montala

What is CVE-2021-41950?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

EPSS Score

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.