Alt3Kx

**Name of the Vulnerable Software and Affected Versions** Micro Focus Fortify Software Security Center (SSC) versions 17.10 through 18.10 **Description** A potential issue in Micro Focus Fortify Software Security Center (SSC) could allow remote unauthorized access. **Recommendations** For versions 17.10 through 18.10, update to a version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Micro Focus Fortify Software Security Center (SSC) versions 17.10 through 18.10 Description: A potential issue in Micro Focus Fortify Software Security Center (SSC) could allow remote unauthorized access. Recommendations: For versions 17.10 through 18.10, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Episerver Ektron CMS versions prior to 9.0 SP3 Site CU 31 Episerver Ektron CMS versions 9.1 prior to SP3 Site CU 45 Episerver Ektron CMS versions 9.2 prior to SP2 Site CU 22 **Description** The issue allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is normally available exclusively for local admins. **Recommendations** For Episerver Ektron CMS versions prior to 9.0 SP3 Site CU 31, update to version 9.0 SP3 Site CU 31 or later. For Episerver Ektron CMS versions 9.1 prior to SP3 Site CU 45, update to version 9.1 SP3 Site CU 45 or later. For Episerver Ektron CMS versions 9.2 prior to SP2 Site CU 22, update to version 9.2 SP2 Site CU 22 or later.

**Name of the Vulnerable Software and Affected Versions** Fortify Software Security Center (SSC) versions 17.1 through 18.1 **Description** The issue allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks. This is achieved via a crafted DTD in an XML request, exploiting an XML external entity (XXE) vulnerability. **Recommendations** For Fortify Software Security Center (SSC) versions 17.1 through 18.1, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dataiku DSS versions prior to 4.2.3 **Description** The issue allows remote attackers to obtain sensitive information, specifically determining if a username is valid, due to the visibility of profile pictures in the REST API. **Recommendations** For versions prior to 4.2.3, update to version 4.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to profile pictures to minimize the risk of exploitation.