David Odell

**Name of the Vulnerable Software and Affected Versions** Toshiba 4690 Operating System version 6 Release 3 **Description** The issue allows remote attackers to read potentially sensitive system environment variables by sending a crafted request to the TCP port 54138, due to the improper restriction of the ADXSITCF logical name. **Recommendations** For Toshiba 4690 Operating System version 6 Release 3, restrict access to the ADXSITCF logical name to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Toshiba CHEC versions prior to 6.6 build 4014 Toshiba CHEC versions 6.7 prior to build 4329 **Description** The issue concerns a hardcoded AES key in CreateBossCredentials.jar, which can be exploited by attackers to obtain Back Office System Server (BOSS) DB2 database credentials. This can be achieved by leveraging knowledge of the hardcoded key in conjunction with read access to bossinfo.pro. **Recommendations** For versions prior to 6.6 build 4014, update to a version that includes build 4014 or later to resolve the issue. For versions 6.7 prior to build 4329, update to a version that includes build 4329 or later to resolve the issue. As a temporary workaround, consider restricting read access to bossinfo.pro to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM 4690 OS (affected versions not specified) **Description** The default configuration of IBM 4690 OS uses the ADXCRYPT algorithm to hash passwords, making it easier for attackers to obtain sensitive information via cryptanalysis of an ADXCSOUF.DAT file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.