CVE-2021-37442

Name of the Vulnerable Software and Affected Versions NCH IVM Attendant versions 5.12 and earlier

Description The issue allows path traversal via the viewfile parameter, specifically using file=/.. to read files. This can be exploited through the "viewfile?file=/.." endpoint.

Recommendations For versions 5.12 and earlier, consider restricting access to the viewfile parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the file parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.