Joris Aerts

**Nome do Software Vulnerável e Versões Afetadas** Altium 365 (versões afetadas não especificadas) **Descrição** Um problema de falta de autenticação existe no Altium 365 SearchService. Um endpoint SOAP legado expõe operações de índice de pesquisa sem exigir autenticação, tokens de sessão ou verificação de identidade. Um invasor de rede não autenticado que possua o identificador de um workspace alvo pode interagir com o índice de pesquisa desse workspace, cruzando limites de locatários (tenants). Isso permite que o invasor leia conteúdos indexados, como dados de componentes, nomes de projetos e pastas, e metadados de usuários, além de injetar, modificar ou excluir entradas do índice de pesquisa. Essas ações afetam apenas o índice de pesquisa, e não os dados do cofre subjacentes, podendo expor informações confidenciais do workspace e comprometer a integridade e a disponibilidade dos resultados da pesquisa. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can supply a crafted filename in the multipart Content-Disposition header to escape the intended temporary upload directory and write arbitrary files to any location on the server filesystem. Because content-controlled files can be written to web-accessible directories, this can be escalated to remote code execution in the context of the service account. It can also be used to overwrite application binaries or configuration files, leading to service takeover or denial of service.

**Nome do Software Vulnerável e Versões Afetadas** Altium Enterprise Server (versões afetadas não especificadas) **Descrição** Um problema de path traversal existe no Viewer StorageController devido ao manuseio inadequado de parâmetros de rota de caminho de arquivo. Em implantações on-premise que utilizam armazenamento de sistema de arquivos local, um usuário autenticado pode fornecer um caminho absoluto codificado em URL em uma solicitação de API de armazenamento do Viewer. Essa ação faz com que o sistema descarte a raiz de armazenamento configurada, permitindo a leitura de arquivos arbitrários do sistema de arquivos do servidor. Isso pode levar à divulgação da configuração mestre do servidor, incluindo credenciais de banco de dados, locais de chaves de assinatura, senhas de certificado e segredos OAuth, resultando potencialmente no comprometimento total do servidor e de seus dados. Implantações em nuvem não são afetadas, pois utilizam armazenamento de objetos e não habilitam este componente. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Altium Forum (affected versions not specified) **Description** A stored cross-site scripting (XSS) issue exists in the Altium Forum because of insufficient server-side input sanitization of forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts. This injected script is stored and executed when other users view the affected post. Successful exploitation allows the attacker’s payload to execute within the context of the victim’s authenticated Altium 365 session, potentially enabling unauthorized access to workspace data, including design files and workspace settings. Exploitation requires a user to view a malicious forum post. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Altium 365 (affected versions not specified) **Description** A stored cross-site scripting (XSS) issue exists in the user profile text fields. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques. The injected payload is persisted and executed when other users view the affected profile page, potentially allowing session token theft, phishing attacks, or malicious redirects. Exploitation requires an authenticated account and user interaction to view the crafted profile. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Altium Support Center (affected versions not specified) **Description** A stored cross-site scripting (XSS) issue exists in the `AddComment` API endpoint. The vulnerability is caused by a lack of server-side input sanitization. While the client interface applies HTML escaping, the backend stores arbitrary HTML and JavaScript received through modified POST requests. This allows for the execution of arbitrary JavaScript in the browser of users who view support cases, including those with elevated privileges. The `AddComment` endpoint is vulnerable. The vulnerable parameter is the POST request body. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Altium Workflow Engine (affected versions not specified) **Description** A stored cross-site scripting (XSS) issue exists because of insufficient server-side input sanitization within workflow form submission APIs. An authenticated user can inject arbitrary JavaScript into workflow data. When an administrator views the affected workflow, the injected payload executes in the administrator’s browser, potentially allowing privilege escalation, including the creation of new administrator accounts, session token theft, and the execution of administrative actions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Altium Forum (affected versions not specified) **Description** A stored cross-site scripting (XSS) issue exists because of insufficient server-side input validation of forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts. This injected script is then stored and executed when other users view the compromised post. Successful exploitation allows the attacker’s code to run within the context of the victim’s authenticated Altium 365 session, potentially granting unauthorized access to workspace data, including design files and workspace settings. Exploitation requires a user to view a malicious forum post. The API endpoint for forum post creation is susceptible to this issue, allowing injection of malicious code through the forum post content. The vulnerable parameter is the forum post content itself. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.