CNNVD-202601-3393 Information

CNNVD ID

CNNVD-202601-3393

Related CVE

CVE-2021-47864

• CNNVD Published: 2026-01-21

Description (Chinese)

OSAS Traverse Extension是OSAS公司的一个功能扩展模块。 OSAS Traverse Extension 11版本存在代码问题漏洞，该漏洞源于TravExtensionHostSvc服务存在未加引号的服务路径，可能导致攻击者执行恶意代码并获取系统访问权限。

Description (English)

OSAS Traverse Extension is a functional extension module of OSAS. There is a code gap in the 11th version of the ESA Traverse Extension, which stems from the existence of unquoted service paths for the TravExtension HostSvc service, which may lead to malicious code enforcement and system access by the attackers.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

OSAS

Published

2026-01-21

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/osas-traverse-extension-travextensionhostsvc-unquoted-service-path https://www.exploit-db.com/exploits/49698 https://www.osas.com/ https://web.archive.org/web/20200817150522/ https://access.redhat.com/security/cve/cve-2021-47864