Cv3Tr4Ck

**Name of the Vulnerable Software and Affected Versions** Field Logic DataCube4 up to 20231001 **Description** A problematic issue was found in the Web API component, affecting unknown code of the file /api/. This leads to improper authentication. The exploit has been disclosed to the public and may be used. **Recommendations** For Field Logic DataCube4 up to 20231001, consider restricting access to the /api/ endpoint until a fix is available. As a temporary workaround, review and strengthen authentication mechanisms to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SATO CL4NX-J Plus version 1.13.2-u455 r2 **Description** A critical issue affects an unknown functionality of the WebConfig component, leading to improper authentication. The attack must be carried out within the local network. The exploit has been disclosed to the public and may be used. **Recommendations** For SATO CL4NX-J Plus version 1.13.2-u455 r2, consider restricting access to the WebConfig component until a patch is available. As a temporary workaround, limit the ability to manipulate the affected functionality within the local network to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SATO CL4NX-J Plus version 1.13.2-u455 r2 **Description** A vulnerability was found in the SATO CL4NX-J Plus, affecting some unknown functionality of the file /rest/dir/. The manipulation of the `full` argument leads to path traversal. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. **Recommendations** For SATO CL4NX-J Plus version 1.13.2-u455 r2, consider restricting access to the /rest/dir/ endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the `full` argument in the affected endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SATO CL4NX-J Plus version 1.13.2-u455 r2 **Description** A critical issue has been found in the Cookie Handler component, allowing for improper authentication when the input `auth=user,level1,settings; web=true` is manipulated. This requires access to the local network. The issue has been publicly disclosed and may be exploited. **Recommendations** For SATO CL4NX-J Plus version 1.13.2-u455 r2, as a temporary workaround, consider restricting access to the Cookie Handler component until a patch is available. Avoid using the input `auth=user,level1,settings; web=true` in the affected system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TTSPlanning versions up to 20230925 **Description** A critical vulnerability has been found in TTSPlanning, affecting an unknown part. The manipulation of the `uid` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For versions up to 20230925, as a temporary workaround, consider restricting access to the `uid` argument to minimize the risk of SQL injection until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.