Jerome Nokin

**Name of the Vulnerable Software and Affected Versions** Advanced Secure Gateway and Content Analysis versions prior to 7.3.13.1 / 3.1.6.0 **Description** The issue is related to an Elevation of Privilege vulnerability. **Recommendations** For versions prior to 7.3.13.1 / 3.1.6.0, update to version 7.3.13.1 / 3.1.6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Advanced Secure Gateway and Content Analysis versions prior to 7.3.13.1 / 3.1.6.0 **Description** The issue is related to a Server-Side Request Forgery vulnerability. **Recommendations** For versions prior to 7.3.13.1 / 3.1.6.0, update to version 7.3.13.1 / 3.1.6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Advanced Secure Gateway and Content Analysis versions prior to 7.3.13.1 / 3.1.6.0 **Description** The issue is related to a Stored Cross-Site Scripting vulnerability. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions prior to 7.3.13.1 / 3.1.6.0, update to version 7.3.13.1 / 3.1.6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable components until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Advanced Secure Gateway and Content Analysis versions prior to 7.3.13.1 / 3.1.6.0 **Description** The issue is related to a Command Injection vulnerability. **Recommendations** For versions prior to 7.3.13.1 / 3.1.6.0, update to version 7.3.13.1 / 3.1.6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Oracle Solaris versions 10 and 11 **Description** The issue is related to errors in processing input data in the Utility component of Oracle Solaris. Exploitation of this issue can allow an attacker to execute arbitrary code. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. The issue can result in the takeover of Oracle Solaris. **Recommendations** For Oracle Solaris versions 10 and 11, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do software vulnerável e versões afetadas** Versões do CBRN-Analysis anteriores à 22 **Descrição** A vulnerabilidade permite ataques XXE por meio de um documento XML, levando à divulgação do hash NTLMv2-SSP. Isso ocorre durante o processamento de um documento XML malicioso. **Recomendações** Para versões anteriores à 22, atualize para a versão 22 ou posterior para resolver o problema. Como solução temporária, considere restringir o processamento de documentos XML externos para minimizar o risco de exploração. Evite usar o `am mws XML document` no sistema afetado até que o problema seja resolvido.

**Nome do software vulnerável e versões afetadas** Versões do CBRN-Analysis anteriores à 22 **Descrição** O problema está relacionado a permissões de arquivo inadequadas no Perfil Público, o que pode levar à divulgação do conteúdo dos arquivos ou à escalada de privilégios. **Recomendações** Para versões anteriores à 22, atualize para a versão 22 ou posterior para resolver o problema. Como solução alternativa temporária, considere restringir o acesso a arquivos e diretórios confidenciais para minimizar o risco de exploração.

**Name of the Vulnerable Software and Affected Versions** McAfee ePolicy Orchestrator (ePO) versions prior to 4.5.7 McAfee ePolicy Orchestrator (ePO) versions 4.6.x prior to 4.6.6 **Description** A directory traversal issue allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel. This can be demonstrated by writing to the Software/ directory. **Recommendations** For versions prior to 4.5.7, update to version 4.5.7 or later. For versions 4.6.x prior to 4.6.6, update to version 4.6.6 or later.