PT-2021-17316 · Pelco · Pelco Digital Sentry Server

Published: 2021-02-12 · Updated: 2021-02-19 · CVE-2021-27197

CVSS v2.0: 8.8 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Pelco Digital Sentry Server versions prior to 7.19.67
Description: The issue arises from the AppendToTextFile method in DSUtility.dll, which fails to verify whether it is being called from within the application or by a malicious user. This allows a remote attacker to craft an HTML page, potentially using "OBJECT classid=" and "
Recommendations: For versions prior to 7.19.67, update to version 7.19.67 or later to resolve the issue. As a temporary workaround, consider restricting access to the AppendToTextFile method until a patch is applied.

Exploit

Fix

Origin Validation Error

Weakness Enumeration

Related Identifiers

CVE-2021-27197

Affected Products

Pelco Digital Sentry Server