Art Manion

**Nome do software vulnerável e versões afetadas** Saviynt Enterprise Identity Cloud (EIC) versão 5.5 SP2.x **Descrição** Foi identificada uma falha que permite que um invasor enumere usuários alterando o parâmetro `id` no endpoint da API “ECM/maintenance/forgotpasswordstep1”. **Recomendações** Para o Saviynt Enterprise Identity Cloud (EIC) versão 5.5 SP2.x, considere restringir o acesso ao endpoint da API “ECM/maintenance/forgotpasswordstep1” para minimizar o risco de exploração. Evite usar o parâmetro `id` neste endpoint até que o problema seja resolvido. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Comcast XFINITY Home Security System (affected versions not specified) **Description** The issue arises from the system's failure to properly maintain base-station communication, allowing physically proximate attackers to interfere with ZigBee 2.4 GHz transmissions and defeat sensor functionality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tftpd32 version 3.01 **Description** A buffer overflow issue exists, allowing remote attackers to cause a denial of service. This occurs when a long GET or PUT request is not properly handled, specifically when the request is displayed in the title of the gauge window. **Recommendations** For Tftpd32 version 3.01, consider restricting the length of GET or PUT requests to prevent the buffer overflow issue until a patch is available. As a temporary workaround, avoid displaying long requests in the title of the gauge window to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tftpd32 version 2.81 **Description** A format string issue allows remote attackers to cause a denial of service. This is achieved by including format string specifiers in a filename within a GET or SEND request. **Recommendations** For Tftpd32 version 2.81, consider restricting access to the tftpd service until a patch is available to prevent potential denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** ScriptLogic versions prior to 4.14 **Description** The issue allows remote attackers to modify arbitrary registry entries via the ScriptLogic RPC service or modify arbitrary configuration via the RunAdmin services. This is due to services processing client requests at raised privileges. **Recommendations** For versions prior to 4.14, update to version 4.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the ScriptLogic RPC service and the RunAdmin services (SLRAserver.exe and SLRAclient.exe) to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ScriptLogic versions prior to 4.14 **Description** The issue allows users to modify log records and possibly execute arbitrary code due to insecure permissions for the LOGS$ share. **Recommendations** For versions prior to 4.14, update to version 4.14 or later to resolve the issue.