Jakub Palaczynski

**Nome do software vulnerável e versões afetadas** Versões do Palo Alto Networks Prisma Cloud Compute anteriores à 21.04.412 **Descrição** Existe uma vulnerabilidade de exposição de informações por meio de arquivos de log no console do Palo Alto Networks Prisma Cloud Compute, na qual um segredo usado para autorizar a função do usuário autenticado é registrado em um arquivo de log de depuração. Usuários com funções de Operador e Auditor autenticados que tenham acesso aos arquivos de log de depuração podem usar esse segredo para obter acesso à função de Administrador em sua sessão ativa no Prisma Cloud Compute. **Recomendações** Para versões do Prisma Cloud Compute anteriores à 21.04.412, atualize para a versão 21.04.412 ou posterior para resolver o problema. Como solução alternativa temporária, considere restringir o acesso aos arquivos de log de depuração para impedir que usuários com funções de Operador e Auditor autenticados obtenham acesso à função de Administrador.

**Nome do software vulnerável e versões afetadas** Versões do Johnson Controls Metasys anteriores à 11.0 **Descrição** A vulnerabilidade permite que um usuário autenticado do Metasys obtenha acesso não autorizado ao sistema de arquivos do servidor. Isso pode ser feito enviando mensagens web especialmente criadas para o sistema Metasys, o que pode permitir que o usuário acesse ou modifique arquivos do sistema. **Recomendações** Para as versões do Johnson Controls Metasys anteriores à 11.0, atualize para uma versão posterior à 11.0 para resolver o problema.

**Nome do software vulnerável e versões afetadas** Oracle Hyperion Lifecycle Management versão 11.1.2.4 **Descrição** O problema está relacionado à validação insuficiente de entradas no componente Shared Services. Isso permite que um invasor com privilégios elevados e acesso à rede via HTTP comprometa o Hyperion Lifecycle Management; no entanto, para que os ataques sejam bem-sucedidos, é necessária a interação humana de uma pessoa que não seja o próprio invasor. Isso pode resultar em acesso não autorizado para criação, exclusão ou modificação de dados críticos ou de todos os dados acessíveis no Hyperion Lifecycle Management. **Recomendações** Para a versão 11.1.2.4, no momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas: Oracle Database Server versões 11.2.0.4, 12.1.0.2, 12.2.0.1 e 18c Descrição: O problema está relacionado à validação insuficiente de entradas no componente SQL Developer Install do Oracle Database Server. Essa vulnerabilidade pode ser facilmente explorada por um invasor com privilégios limitados que possua privilégios de conta de usuário do computador cliente e faça logon na infraestrutura onde o SQL Developer Install é executado. Ataques bem-sucedidos exigem interação humana de uma pessoa que não seja o invasor e podem resultar em acesso de leitura não autorizado a um subconjunto de dados acessíveis pelo SQL Developer Install. Recomendações: Para as versões 11.2.0.4, 12.1.0.2, 12.2.0.1 e 18c, atualize para uma versão que inclua a correção para este problema. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Versões do Apache NiFi de 1.0.0 a 1.10.0 **Descrição** Foi detectada uma vulnerabilidade XSS que permite a injeção de scripts maliciosos na interface do usuário por meio de ações realizadas por um usuário autenticado sem conhecimento, especificamente no Firefox, sem ocorrência em outros navegadores. **Recomendações** Para as versões do Apache NiFi de 1.0.0 a 1.10.0, atualize para uma versão fora desse intervalo para resolver o problema. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Dynamic Platform and Thermal Framework version 8.3.10208.5643 and before **Description** The issue is related to improper permissions in the software, which may allow an authenticated user to execute code at an elevated level of privilege. This is due to errors in using standard permissions. Exploitation of the issue could allow an attacker to execute arbitrary code. **Recommendations** For Intel(R) Dynamic Platform and Thermal Framework version 8.3.10208.5643 and before, update to a version later than 8.3.10208.5643 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel Driver & Support Assistant versions prior to 19.7.30.2 **Description** The issue is related to improper file verification, which may allow an authenticated user to potentially enable escalation of privilege via local access. It is also associated with errors in permission handling, potentially allowing an attacker to elevate their privileges. **Recommendations** For versions prior to 19.7.30.2, update to version 19.7.30.2 or later to resolve the issue. As a temporary workaround, consider restricting local access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Check Point ZoneAlarm versions up to 15.4.062 **Description** The issue allows a local attacker to potentially cause Denial of Service to the client by replacing a DLL file with a malicious one, due to the DLLs being loaded from directories where all users have write permissions. **Recommendations** For versions up to 15.4.062, consider restricting write permissions to the directories from which the DLLs are loaded to prevent a local attacker from replacing DLL files with malicious ones.

**Name of the Vulnerable Software and Affected Versions** Check Point ZoneAlarm versions up to 15.4.062 **Description** A local attacker can gain higher privileges to files with limited access by creating a hard-link from the log file of Check Point ZoneAlarm to any file on the system, resulting in permission changes that allow all users to access the linked file. **Recommendations** For Check Point ZoneAlarm versions up to 15.4.062, consider restricting access to the log file to prevent attackers from creating hard-links and gaining elevated privileges. As a temporary workaround, monitor file system permissions closely and restrict access to sensitive files until a fix is available.

**Name of the Vulnerable Software and Affected Versions** JBoss Management Console versions prior to 7.1.6.CR1 JBoss Management Console versions prior to 7.1.6.GA **Description** A cross-site scripting (XSS) issue was discovered. This allows users with object creation capabilities to attack other privileged users. **Recommendations** For versions prior to 7.1.6.CR1, update to version 7.1.6.CR1 or later. For versions prior to 7.1.6.GA, update to version 7.1.6.GA or later.

**Name of the Vulnerable Software and Affected Versions** Loadbalancer.org Enterprise VA MAX versions prior to 8.3.3 **Description** The issue arises because Apache HTTP Server logs are displayed, leading to a potential XSS problem. **Recommendations** For versions prior to 8.3.3, update to version 8.3.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Royal browser extensions TS versions prior to 4.3.60728 Royal browser extensions TSX versions prior to 3.3.1 **Description** The issue allows credentials disclosure. **Recommendations** For Royal browser extensions TS versions prior to 4.3.60728, update to version 4.3.60728 or later. For Royal browser extensions TSX versions prior to 3.3.1, update to version 3.3.1 or later.

**Name of the Vulnerable Software and Affected Versions** CA Release Automation versions 6.5 and earlier **Description** The issue is caused by insecure deserialization of a specially crafted serialized object, which allows attackers to potentially execute arbitrary code. This can be exploited by a remote attacker using a specially formed serialized object, potentially leading to the execution of arbitrary code. **Recommendations** For CA Release Automation versions 6.5 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8 Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8 Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512 Dell EMC SMIS versions prior to 8.4.0.6 Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347 Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231 Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231 Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0 Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225 Dell EMC VNXe3200 Operating Environment (OE) all versions Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228 Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 Dell EMC XtremIO versions 4.x Dell EMC VMAX eNAS version 8.x Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 **Description** The issue is related to an XXE injection vulnerability due to the configuration of the XML parser shipped with the product. This vulnerability may occur when XML input containing a reference to an external entity is processed by an affected XML parser, potentially allowing attackers to gain unauthorized access to files containing sensitive information or cause denial-of-service. **Recommendations** For Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, update to version 8.4.0.8 or later. For Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, update to version 8.4.0.8 or later. For Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, update to version 8.4.0.512 or later. For Dell EMC SMIS versions prior to 8.4.0.6, update to version 8.4.0.6 or later. For Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, update to a version later than 1.4.0.347. For Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, update to version 8.1.9.231 or later. For Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, update to version 05.33.009.5.231 or later. For Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, update to version 7.1.82.0 or later. For Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, update to version 05.32.000.5.225 or later. For Dell EMC VNXe3200 Operating Environment (OE), consider disabling the XML parser until a patch is available. For Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, update to version 3.1.9.9570228 or later. For Dell EMC VNXe 3100/3150/3300 Operating Environment (OE), consider disabling the XML parser until a patch is available. For Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2, update to a version later than 3.7.2. For Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3, update to a version later than 4.0.3. For Dell EMC XtremIO versions 4.x, update to a version later than 4.x. For Dell EMC VMAX eNAS version 8.x, update to a version later than 8.x. For Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968, update to version 4.3.0.1522077968 or later.

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified) Description: An issue exists due to improper sanitization of specially crafted web requests. This could allow an attacker to perform cross-site scripting attacks, potentially enabling them to read unauthorized content, use the victim's identity to take actions on the site, and inject malicious content into the user's browser. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Meinberg LANTIME devices with firmware prior to 6.24.004 **Description** The issue allows remote authenticated users with certain privileges to read arbitrary files. This can be achieved via the `ntpclientcounterlogfile` parameter to "cgi-bin/mainv2" or through vectors involving `curl` support of the "file" schema in the firmware update functionality. **Recommendations** For firmware versions prior to 6.24.004, update to version 6.24.004 or later to resolve the issue. As a temporary workaround, consider restricting access to the "cgi-bin/mainv2" endpoint and limiting the use of the `curl` functionality in the firmware update process until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Meinberg LANTIME devices with firmware prior to 6.24.004 **Description** The issue concerns a directory traversal vulnerability in the "Upload Groupkey" functionality of the Web Configuration Utility. This vulnerability allows remote authenticated users with Admin-User access to write to arbitrary files, potentially leading to gaining root privileges. This can be achieved by uploading a file to a sensitive directory, such as the cron.d directory. **Recommendations** For Meinberg LANTIME devices with firmware prior to 6.24.004, update the firmware to version 6.24.004 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Upload Groupkey" functionality in the Web Configuration Utility to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Meinberg LANTIME devices with firmware prior to 6.24.004 **Description** The issue allows remote attackers to read arbitrary files due to a failure in restricting URL access in the Web Configuration Utility. **Recommendations** For firmware versions prior to 6.24.004, update the firmware to version 6.24.004 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OpenText Documentum Webtop versions 6.8.0160.0073 **Description** The issue is related to an XML external entity (XXE) vulnerability in the web interface of OpenText Documentum Webtop. This vulnerability can be exploited by a remote attacker to read arbitrary files, cause a denial of service, or obtain user hashes on Windows systems. The exploitation involves crafted XML structures, such as a crafted DTD, in requests to specific API endpoints like `xda/com/documentum/ucf/server/transport/impl/GAIRConnector`, or through the import or check-in of crafted XML files in a MediaProfile file. **Recommendations** For OpenText Documentum Webtop version 6.8.0160.0073, consider disabling the `GAIRConnector` function until a patch is available to prevent exploitation through crafted XML structures. Restrict access to the MediaProfile file import and check-in features to minimize the risk of XXE attacks. Avoid using crafted DTDs in XML requests to prevent denial of service or arbitrary file reading. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenText Documentum Administrator version 7.2.0180.0055 **Description** The issue is related to incorrect restriction of XML external entities (XXE) in the OpenText Documentum Administrator. This can be exploited by a remote attacker to read arbitrary files, cause a denial of service, or obtain user hashes on Windows systems. The exploitation involves crafted XML structures, such as a DTD, in requests to specific API endpoints like `xda/com/documentum/ucf/server/transport/impl/GAIRConnector`, or through the import or check-in of crafted XML files in a MediaProfile file. **Recommendations** For OpenText Documentum Administrator version 7.2.0180.0055, consider disabling the import and check-in functionality for XML files in MediaProfile until a patch is available. Restrict access to the `xda/com/documentum/ucf/server/transport/impl/GAIRConnector` endpoint to minimize the risk of exploitation. Avoid using crafted DTDs or XML structures in requests to prevent potential attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.