Matthew Benton

**Name of the Vulnerable Software and Affected Versions** Aternity versions prior to 9.0.1 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the web server. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific pages, including the `HTTPAgent`, `MacAgent`, `getExternalURL`, or `retrieveTrustedUrl` page. **Recommendations** For versions prior to 9.0.1, update to version 9.0.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Aternity versions prior to 9.0.1 **Description** The issue concerns the web server in Aternity, which does not require authentication for loading of Java MBeans using getMBeansFromURL. This allows remote attackers to execute arbitrary Java code by registering MBeans. **Recommendations** For versions prior to 9.0.1, update to version 9.0.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Idera Uptime Infrastructure Monitor versions 6.0 through 7.2 **Description** The issue is related to a format string vulnerability in the up.time client, which can be exploited by remote attackers to cause a denial of service, resulting in an application crash. This is achieved through the use of format string specifiers. **Recommendations** For Idera Uptime Infrastructure Monitor versions 6.0 through 7.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Idera Uptime Infrastructure Monitor version 7.4 **Description** A buffer overflow issue exists in the up.time client, potentially allowing remote attackers to execute arbitrary code through long command input. **Recommendations** For Idera Uptime Infrastructure Monitor version 7.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Idera Uptime Infrastructure Monitor versions prior to 7.7 **Description** The issue allows remote attackers to obtain potentially sensitive information, including version, OS, process, and event-log details, via a command. **Recommendations** For Idera Uptime Infrastructure Monitor versions prior to 7.7, update to version 7.7 or later to resolve the issue.