Christian Weiler

**Nome do Software Vulnerável e Versões Afetadas** Versões do Nagios XI anteriores à 5.7.2 **Descrição** Versões do Nagios XI anteriores à 5.7.2 são vulneráveis a cross-site scripting (XSS) através da página de Gerenciamento de Usuários na interface de Administração. Isso se deve à validação ou escape inadequados da entrada fornecida pelo usuário, potencialmente permitindo que um atacante injete e execute scripts arbitrários no navegador da vítima. **Recomendações** Atualize para a versão 5.7.2 ou posterior.

**Nome do Software Vulnerável e Versões Afetadas** Versões do Nagios XI anteriores à 5.7.3 **Descrição** As versões do Nagios XI anteriores à 5.7.3 apresentam uma vulnerabilidade de escalonamento de privilégios no script auxiliar `getprofile.sh`. O script lida com a recuperação e inicialização de perfil com manipulação insegura de arquivos e comandos, e carece de validação suficiente de entradas controladas pelo atacante. Em algumas implantações, o script é executado com privilégios elevados. Um atacante local com acesso de baixo nível poderia explorar essas falhas para executar comandos arbitrários ou modificar arquivos privilegiados, resultando em escalonamento de privilégios. **Recomendações** Atualize para uma versão do Nagios XI igual ou superior à 5.7.3.

**Nome do Software Vulnerável e Versões Afetadas** Versões do Nagios XI anteriores à 5.7.3 **Descrição** Versões do Nagios XI anteriores à 5.7.3 contêm um problema de injeção de comando na funcionalidade de download/exportação de relatórios em PDF. Validação insuficiente ou escape inadequado de valores fornecidos pelo usuário utilizados no pipeline de geração de PDF ou no wrapper que invoca utilitários auxiliares de PDF/offline permite que um atacante autenticado capaz de acionar exportações de PDF injete metacaracteres de shell ou argumentos. **Recomendações** Atualize para a versão 5.7.3 ou posterior.

**Name of the Vulnerable Software and Affected Versions** ScienceLogic SL1 (affected versions not specified) **Description** A command injection issue exists in the dashboard scheduler feature, where unsanitized user-controlled input is passed directly to a shell command, allowing the injection of arbitrary commands to the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ScienceLogic SL1 (affected versions not specified) **Description** A command injection issue exists in the ARP ping device tool feature of the ScienceLogic SL1. This feature takes unsanitized user-controlled input and passes it directly to a shell command, allowing for the injection of arbitrary commands to the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ScienceLogic SL1 (affected versions not specified) **Description** A command injection issue exists in the "dash export" feature, where unsanitized user-controlled input is passed directly to a shell command, allowing the injection of arbitrary commands to the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ScienceLogic SL1 (affected versions not specified) **Description** A command injection issue exists in the ticket report generate feature, allowing arbitrary commands to be injected into the underlying operating system due to unsanitized user-controlled input being passed directly to a shell command. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Talend Data Catalog versions prior to 8.0-20230413 **Description** The issue concerns the remote harvesting server, which contains a "/upgrade" endpoint that allows an unauthenticated WAR file to be deployed on the server. A mitigation measure is to place the remote harvesting server behind a firewall that only allows access to the Talend Data Catalog server. **Recommendations** For versions prior to 8.0-20230413, update to version 8.0-20230413 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/upgrade" endpoint until a patch is available. Place the remote harvesting server behind a firewall that only allows access to the Talend Data Catalog server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Talend Data Catalog versions prior to 8.0-20230110 **Description** The issue concerns XML External Entity (XXE) attacks. Specifically, the /MIMBWebServices/license endpoint of the remote harvesting server is affected. **Recommendations** For versions prior to 8.0-20230110, update to version 8.0-20230110 or later to resolve the issue. As a temporary workaround, consider restricting access to the "license" endpoint in the /MIMBWebServices path to minimize the risk of exploitation.