Platform
other
Component
stvs-provision
Fixed in
5.9.11
CVE-2021-47723 identifies a cross-site request forgery (XSRF) vulnerability within STVS ProVision versions 5.9.10–5.9.10. This flaw allows malicious actors to execute unauthorized actions, specifically the creation of new administrative users, by leveraging unvalidated HTTP requests. The vulnerability was publicly disclosed on December 9, 2025, and mitigation strategies are advised until a patch is available.
The primary impact of CVE-2021-47723 is the potential for unauthorized administrative account creation. An attacker could craft a malicious website or email containing a forged HTTP request that, when visited by a legitimate administrator, would trigger the creation of a new admin account under the attacker's control. This grants the attacker full administrative privileges within the STVS ProVision system, enabling them to modify configurations, access sensitive data, and potentially compromise the entire environment. The blast radius extends to any data or functionality accessible by an administrator, making this a high-severity concern.
Public information regarding active exploitation of CVE-2021-47723 is currently limited. The vulnerability is not listed in the CISA KEV catalog as of December 9, 2025. The availability of a public proof of concept (PoC) is unknown, but the XSRF nature of the vulnerability suggests that exploitation is relatively straightforward if a user is tricked into visiting a malicious site.
Organizations utilizing STVS ProVision version 5.9.10–5.9.10 are at risk, particularly those where administrative access is not tightly controlled or where users are susceptible to phishing attacks. Shared hosting environments or deployments with weak security awareness training are especially vulnerable.
disclosure
Exploit status
EPSS
0.03% (9th percentile)
CISA SSVC
Without a specific patch available, mitigation focuses on reducing the attack surface and limiting the potential impact. Implement strict input validation on all HTTP requests to ensure that data originates from trusted sources. Employ robust session management techniques, such as requiring re-authentication for sensitive operations. Consider implementing a Content Security Policy (CSP) to restrict the sources from which the browser can load resources, further mitigating the risk of forged requests. Regularly review and audit user access controls to identify and remove any unnecessary privileges.
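The re-authentication and session-management advice above amounts to refusing state-changing requests that the browser was tricked into sending. The following is an added illustration, not STVS ProVision code: a server-side gate for a "create admin user" action that combines an exact Origin/Referer comparison with a per-session synchronizer token, plus the cookie attributes that keep the session cookie off cross-site requests. The origin, the request model and the session object are assumptions for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Assumed origin of the admin UI; a real deployment would configure this.
ALLOWED_ORIGIN = "https://provision.example.internal"

@dataclass
class Session:
    """Server-side state for one logged-in administrator (constructed model)."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))

@dataclass
class Request:
    """Minimal model of an incoming HTTP request (constructed for this example)."""
    method: str
    headers: dict
    form: dict

def _same_origin(url: str) -> bool:
    """Compare scheme://host[:port] exactly, so 'host.attacker.example' fails."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" == ALLOWED_ORIGIN

def check_state_changing_request(session: Session, req: Request) -> tuple[bool, str]:
    """Gate for a state-changing action such as 'create admin user'.
    Returns (allowed, reason). Both checks must pass."""
    if req.method not in ("POST", "PUT", "PATCH", "DELETE"):
        return False, "state changes must not be reachable via GET"
    # 1. Browsers send Origin (or at least Referer) on cross-site form posts;
    #    a forged request carries the attacker's site, not ours.
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not origin or not _same_origin(origin):
        return False, f"origin not allowed: {origin or '<missing>'}"
    # 2. Synchronizer token: the form must echo the per-session secret, which
    #    a page on another origin cannot read. Constant-time comparison.
    submitted = req.form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), session.csrf_token.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"

def session_cookie_attributes() -> str:
    """Flags for the session cookie; SameSite=Strict keeps the browser from
    attaching it to requests initiated from another site at all."""
    return "HttpOnly; Secure; SameSite=Strict; Path=/"
```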
Update STVS ProVision to a fixed version to mitigate the Cross-Site Request Forgery (CSRF) vulnerability. Consult the vendor's documentation or support channels for information on available updates and installation instructions.
CVE-2021-47723 is a cross-site request forgery (XSRF) vulnerability affecting STVS ProVision versions 5.9.10–5.9.10, allowing attackers to perform actions as administrators.
If you are running STVS ProVision version 5.9.10–5.9.10, you are potentially affected by this vulnerability. Upgrade as soon as a patch is available.
Upgrade to a patched version of STVS ProVision when available. Until then, implement mitigation strategies like input validation and robust session management.
Currently, there is no confirmed public information about active exploitation of CVE-2021-47723, but the vulnerability's nature suggests potential for exploitation.
Refer to the official STVS ProVision website or security advisories for updates and information regarding CVE-2021-47723.