Apache · Wicket Core · CVE-2019-6716
**Name of the Vulnerable Software and Affected Versions**
LogonBox Nervepoint Access Manager versions 2013 through 2017
**Description**
The issue is an unauthenticated Insecure Direct Object Reference (IDOR) in the Wicket-based web layer of Nervepoint Access Manager: the `runJob.html` page takes a job identifier directly from the `jobId` query parameter and acts on the referenced job without an authentication check or a per-object authorization check, which is what makes it an IDOR. A remote attacker can therefore enumerate internal Active Directory usernames and group names, and can trigger or alter back-end server jobs (including backup and synchronisation jobs), potentially causing a Denial of Service, simply by changing the `jobId` value in a GET request to "runJob.html". Because no credentials are required, any client that can reach the management interface over the network can exploit this.
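The following is an added example, not code from LogonBox, Nervepoint or Apache Wicket: it scans web-server access logs for the enumeration pattern described above, i.e. one source walking through many distinct `jobId` values on `runJob.html`. It assumes the interface logs requests in Apache/NCSA combined log format and that the page lives under a path such as `/app/runJob.html`; both the log format and the path prefix are assumptions, as the advisory only names the page and the parameter. The log lines are constructed for the example.

```python
"""Flag jobId enumeration against runJob.html in access logs (added example).

Assumptions (not stated by the advisory): NCSA combined log format, and
runJob.html served under some path prefix. Only the page name and the
jobId parameter come from the advisory.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# ip ident user [timestamp] "METHOD target PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample: one host sweeps jobId=1..4 with curl, one browser
# user opens a single job from the jobs page.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2019:09:14:01 +0000] "GET /app/runJob.html?jobId=1 HTTP/1.1" 200 512 "-" "curl/7.64.0"
203.0.113.7 - - [10/Feb/2019:09:14:02 +0000] "GET /app/runJob.html?jobId=2 HTTP/1.1" 200 498 "-" "curl/7.64.0"
203.0.113.7 - - [10/Feb/2019:09:14:03 +0000] "GET /app/runJob.html?jobId=3 HTTP/1.1" 200 505 "-" "curl/7.64.0"
203.0.113.7 - - [10/Feb/2019:09:14:04 +0000] "GET /app/runJob.html?jobId=4 HTTP/1.1" 500 120 "-" "curl/7.64.0"
192.0.2.44 - - [10/Feb/2019:09:20:11 +0000] "GET /app/runJob.html?jobId=2 HTTP/1.1" 200 498 "https://host/app/jobs.html" "Mozilla/5.0"
192.0.2.44 - - [10/Feb/2019:09:21:30 +0000] "GET /app/jobs.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = parse_qs(parts.query)
    return rec


def runjob_requests(lines):
    """Yield parsed GET requests to runJob.html that carry a jobId parameter."""
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET":
            continue
        if not rec["path"].endswith("/runJob.html"):
            continue
        job_ids = rec["query"].get("jobId")
        if job_ids:
            rec["jobId"] = job_ids[0]
            yield rec


def find_enumeration(lines, threshold=3):
    """Return {client_ip: sorted distinct jobIds} for every client that
    requested at least `threshold` distinct jobIds. A legitimate user
    clicking one job from the UI stays below the threshold; a sweep
    across identifiers does not."""
    seen = defaultdict(set)
    for rec in runjob_requests(lines):
        seen[rec["ip"]].add(rec["jobId"])
    return {ip: sorted(ids) for ip, ids in seen.items() if len(ids) >= threshold}


if __name__ == "__main__":
    for ip, ids in find_enumeration(SAMPLE_LOG.splitlines()).items():
        print(f"possible jobId enumeration from {ip}: jobIds {ids}")
```

The threshold is deliberately low because a normal operator runs one job at a time from the jobs page; tune it to the number of jobs actually configured. Server errors (the `500` on the sweep above) are worth correlating separately, since an altered or mis-triggered job is where the Denial of Service in this advisory comes from.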
**Recommendations**
For LogonBox Nervepoint Access Manager versions 2013 through 2017, restrict network access to the management interface (firewall, VPN or an authenticating reverse proxy) so that "runJob.html" is not reachable by untrusted clients, since the endpoint itself performs no authentication. Where the application is fronted by a proxy, require an authenticated session for "runJob.html" and, ideally, confine the allowed `jobId` values to those the caller is entitled to; the root cause is the missing per-object authorization check, not the parameter itself. Review access logs for GET requests to "runJob.html" with varying `jobId` values from unexpected sources, and verify that backup and synchronisation jobs have not been altered. At the moment, there is no information about a newer version that contains a fix for this vulnerability, so contact the vendor for guidance.