Lukasz Miedziński

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Monitoring (ITM) versions 6.2.2 through 6.2.2 FP9 IBM Tivoli Monitoring (ITM) versions 6.2.3 through 6.2.3 FP5 IBM Tivoli Monitoring (ITM) versions 6.3.0 through 6.3.0 FP6 **Description** The issue allows remote authenticated users to gain privileges via unspecified vectors. **Recommendations** For IBM Tivoli Monitoring (ITM) versions 6.2.2 through 6.2.2 FP9, update to a version later than 6.2.2 FP9. For IBM Tivoli Monitoring (ITM) versions 6.2.3 through 6.2.3 FP5, update to a version later than 6.2.3 FP5. For IBM Tivoli Monitoring (ITM) versions 6.3.0 through 6.3.0 FP6, update to a version later than 6.3.0 FP6.

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Monitoring (ITM) versions 6.2.2 through 6.2.2 FP9 IBM Tivoli Monitoring (ITM) versions 6.2.3 through 6.2.3 FP5 IBM Tivoli Monitoring (ITM) versions 6.3.0 before 6.3.0 FP7 **Description** The issue allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input. **Recommendations** For versions 6.2.2 through 6.2.2 FP9, update to a version after 6.2.2 FP9. For versions 6.2.3 through 6.2.3 FP5, update to a version after 6.2.3 FP5. For versions 6.3.0 before 6.3.0 FP7, update to 6.3.0 FP7 or later.

**Name of the Vulnerable Software and Affected Versions** Unit4 Polska TETA Web (formerly TETA Galactica) version 22.62.3.4 **Description** The issue concerns improper access restriction to certain modules, specifically the Design Mode and Debug Logger mode modules. This allows remote attackers to gain privileges by utilizing crafted `received parameters`. **Recommendations** For version 22.62.3.4, restrict access to the Design Mode and Debug Logger mode modules to prevent unauthorized privilege escalation. As a temporary workaround, consider disabling the Design Mode and Debug Logger mode modules until a proper fix is implemented.