Unknown · Gridpro Request Management · CVE-2021-40371
**Name of the Vulnerable Software and Affected Versions**
Gridpro Request Management for Windows Azure Pack versions prior to 2.0.7912
**Description**
The issue allows Directory Traversal for remote code execution. This can be demonstrated by using `..` in a `scriptName` JSON value to the `ServiceManagerTenant/GetVisibilityMap` endpoint.
**Recommendations**
For versions prior to 2.0.7912, update to version 2.0.7912 or later to resolve the issue.
As a temporary workaround, consider restricting access to the `ServiceManagerTenant/GetVisibilityMap` endpoint until a patch is available.
Avoid using the `scriptName` JSON value in the affected endpoint until the issue is resolved.