Exagrid · Exagrid · CVE-2019-12310
**Name of the Vulnerable Software and Affected Versions**
ExaGrid appliances version v4.8.1.1044.P50
**Description**
The issue allows remote attackers to view and retrieve verbose logging information due to a directory traversal vulnerability in the /monitor/data/Upgrade/ directory. This vulnerability can lead to the exposure of sensitive run-time information, including Base64-encoded `support` credentials. Base64 is an encoding, not encryption, so anyone who can read the logs can recover the credentials, which can result in administrative access to the device.
**Recommendations**
For version v4.8.1.1044.P50, as a temporary workaround, consider restricting access to the /monitor/data/Upgrade/ directory until a patch is available. Avoid using the `support` credentials in the affected device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
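
To check whether the directory has already been reached from outside the management network, the following added example (not part of the advisory and not ExaGrid code) scans web access logs for requests to /monitor/data/Upgrade/. It assumes a reverse proxy in front of the appliance that writes Common Log Format with the client IP address in the first field, and a management subnet of 10.20.0.0/24; the log lines and the file name `example.log` are constructed.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

NEEDLE = "/monitor/data/upgrade/"  # directory from the advisory, lower-cased
# Assumption: only this management subnet should ever reach the directory.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Assumption: a reverse proxy in front of the appliance logs Common Log Format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample log lines (documentation address ranges, made-up file name).
SAMPLE_LOG = """\
10.20.0.15 - - [01/Jan/2024:09:14:02 +0000] "GET /monitor/data/Upgrade/ HTTP/1.1" 200 5120
203.0.113.40 - - [01/Jan/2024:09:20:11 +0000] "GET /monitor/data/Upgrade/ HTTP/1.1" 200 5120
203.0.113.40 - - [01/Jan/2024:09:20:15 +0000] "GET /monitor/data/%55pgrade/example.log HTTP/1.1" 200 88213
198.51.100.7 - - [01/Jan/2024:10:02:40 +0000] "GET /monitor/data/Upgrade/ HTTP/1.1" 403 162
203.0.113.40 - - [01/Jan/2024:10:05:00 +0000] "GET /monitor/status HTTP/1.1" 200 900
"""

def decoded_path(target):
    """Strip the query, percent-decode twice, unify slashes, lower-case."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(2):  # second pass catches double encoding
        path = unquote(path)
    return re.sub(r"/+", "/", path.replace("\\", "/")).lower()

def classify(line):
    """Return a finding for a request that touches the directory, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    raw = decoded_path(m["target"])
    resolved = posixpath.normpath(raw)  # collapse dot segments
    if NEEDLE not in raw + "/" and NEEDLE not in resolved + "/":
        return None
    src = ipaddress.ip_address(m["ip"])  # assumption: field holds an IP address
    trusted = any(src in net for net in ALLOWED_NETS)
    served = m["status"].startswith("2")
    verdict = "allowed-admin" if trusted else "exposed" if served else "blocked"
    return {"ip": m["ip"], "time": m["ts"], "path": raw,
            "status": int(m["status"]), "verdict": verdict}

def scan(log_text):
    """Classify every line and keep only requests for the sensitive directory."""
    return [f for f in map(classify, log_text.splitlines()) if f]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Any `exposed` finding means the directory was served to a source outside the management subnet, so the `support` credentials should be treated as disclosed.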