Four vulnerabilities have been fixed in VRP 3.4 HF1, one of which is of critical severity.
Directory traversal vulnerability related to uploading application bundles
Arbitrary command execution vulnerability with root privilege related to DNS server configuration
Arbitrary command execution vulnerability with root privilege related to resiliency plans and custom scripts
A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user's browser, related to resiliency plans functionality.