Osas · Osas Traverse Extension · CVE-2021-47864
**Name of the Vulnerable Software and Affected Versions**
OSAS Traverse Extension 11
**Description**
The TravExtensionHostSvc service, which runs with LocalSystem privileges, contains an unquoted service path. This allows attackers to inject and execute malicious code by placing executable files in the service path, potentially leading to elevated system access.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.