Moritz Bechler

**Name of the Vulnerable Software and Affected Versions** Oracle WebLogic Server versions 12.2.1.4.0 through 14.1.1.0.0 **Description** The issue is related to insufficient input validation in the Core component of Oracle WebLogic Server, allowing a remote attacker to gain full control over the application using T3 and IIOP network protocols. Successful attacks can result in the takeover of Oracle WebLogic Server. **Recommendations** For versions 12.2.1.4.0 and 14.1.1.0.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the T3 and IIOP protocols until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE versions 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1 Oracle GraalVM Enterprise Edition versions 20.3.10, 21.3.6, 22.3.2 Oracle GraalVM for JDK versions 17.0.7, 20.0.1 **Description** The issue is related to insufficient input validation in the Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK products. This vulnerability can be exploited by an unauthenticated attacker with network access via multiple protocols, allowing them to compromise the affected systems. Successful attacks can result in unauthorized update, insert, or delete access to some accessible data. The vulnerability can be exploited using APIs in the specified component, for example, through a web service that supplies data to the APIs. It also applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. **Recommendations** For Oracle Java SE versions 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1: Update to a fixed version or apply the recommended patch. For Oracle GraalVM Enterprise Edition versions 20.3.10, 21.3.6, 22.3.2: Update to a fixed version or apply the recommended patch. For Oracle GraalVM for JDK versions 17.0.7, 20.0.1: Update to a fixed version or apply the recommended patch. As a temporary workaround, consider restricting access to the vulnerable APIs or disabling the use of untrusted code in Java deployments until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Oracle Database Server versions 19.3 through 19.19 Oracle Database Server versions 21.3 through 21.10 **Description** The issue is related to insufficient input validation in the Advanced Networking Option component of Oracle Database Server. It allows an unauthenticated attacker with network access via Oracle Net to compromise the Advanced Networking Option, resulting in unauthorized update, insert, or delete access to some of the accessible data. The exploitation of this issue is considered difficult. **Recommendations** For versions 19.3 through 19.19, update to a version outside of this range to resolve the issue. For versions 21.3 through 21.10, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the Advanced Networking Option component to minimize the risk of exploitation.

**Nome do software vulnerável e versões afetadas** BACKCLICK Professional versão 5.9.63 **Descrição** Foi detectada uma falha que permite contornar a autenticação do usuário para acessar os serviços de back-end CORBA. **Recomendações** Para o BACKCLICK Professional versão 5.9.63, no momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** BACKCLICK Professional versão 5.9.63 **Descrição** Foi detectada uma falha devido à exposição dos serviços de gerenciamento CORBA, permitindo a execução de comandos de sistema arbitrários no servidor. **Recomendações** Para o BACKCLICK Professional versão 5.9.63, considere restringir o acesso aos serviços de gerenciamento CORBA como uma solução temporária até que uma correção esteja disponível.

**Nome do software vulnerável e versões afetadas** BACKCLICK Professional versão 5.9.63 **Descrição** Foi detectada uma falha devido a uma interface de comunicação interna exposta, possibilitando a execução de comandos de sistema arbitrários no servidor. **Recomendações** Para o BACKCLICK Professional versão 5.9.63, considere restringir o acesso à interface de comunicação interna como uma solução temporária até que um patch esteja disponível. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** BACKCLICK Professional versão 5.9.63 **Descrição** Foi detectada uma falha devido a uma validação inadequada, permitindo que arquivos locais arbitrários fossem recuperados por meio do acesso direto ao servidor Tomcat de back-end. **Recomendações** Para o BACKCLICK Professional versão 5.9.63, considere restringir o acesso direto ao servidor Tomcat de back-end como uma solução temporária até que um patch esteja disponível.

**Nome do software vulnerável e versões afetadas** BACKCLICK Professional versão 5.9.63 **Descrição** Foi detectada uma falha devido a uma implementação insegura do rastreamento de sessões, permitindo que um invasor induza usuários a abrir uma sessão de usuário autenticada para um identificador de sessão conhecido pelo invasor, também conhecido como “Session Fixation”. **Recomendações** Para o BACKCLICK Professional versão 5.9.63, no momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** BACKCLICK Professional versão 5.9.63 **Descrição** Foi detectada uma falha devido a um projeto inseguro ou à falta de autenticação, permitindo que invasores não autenticados concluam o processo de redefinição de senha para qualquer conta e definam uma nova senha. **Recomendações** Para o BACKCLICK Professional versão 5.9.63, considere restringir temporariamente o acesso ao recurso de redefinição de senha até que uma correção esteja disponível. Como medida de mitigação, restrinja a capacidade de usuários não autenticados iniciarem redefinições de senha. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Versões do Wildfly anteriores à 20.0.0.Final **Descrição** É possível um ataque de deserialização remota nos Enterprise Application Beans (EJB) devido à falta de recursos de validação/filtragem no Wildfly. Essa falha permite um possível ataque. **Recomendações** Para versões anteriores à 20.0.0.Final, atualize para a versão 20.0.0.Final ou posterior para resolver o problema. Como solução alternativa temporária, considere restringir o acesso aos componentes EJB para minimizar o risco de exploração.

**Name of the Vulnerable Software and Affected Versions** SquirrelMail versions 1.4.22 and earlier SquirrelMail versions 1.5.x through 1.5.2 **Description** A security issue was discovered due to improper handling of RCDATA and RAWTEXT type elements, allowing the built-in sanitization mechanism to be bypassed. This can lead to the execution of malicious script content from HTML e-mail within the application context via crafted use of elements such as NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA. **Recommendations** For SquirrelMail versions 1.4.22 and earlier, update to a version later than 1.4.22 to resolve the issue. For SquirrelMail versions 1.5.x through 1.5.2, update to a version later than 1.5.2 to resolve the issue. As a temporary workaround, consider restricting the use of potentially vulnerable elements such as NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ColdFusion versions Update 3 and earlier ColdFusion versions Update 10 and earlier ColdFusion versions Update 18 and earlier **Description** The issue is related to a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. The vulnerability is also associated with a lack of data sanitization at the management level, which could allow a remote attacker to execute arbitrary code. **Recommendations** For ColdFusion versions Update 3 and earlier, update to a version later than Update 3 to resolve the issue. For ColdFusion versions Update 10 and earlier, update to a version later than Update 10 to resolve the issue. For ColdFusion versions Update 18 and earlier, update to a version later than Update 18 to resolve the issue. As a temporary workaround, consider restricting access to management-level functions to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Apache NetBeans versions 9.0 Description: The issue is related to the Proxy Auto-Configuration (PAC) file in the Apache NetBeans development environment, which fails to neutralize script code in attributes on a web page. This can allow a remote attacker to execute arbitrary code. The vulnerability is exploited through the nashorn script engine, which leaks privileged objects that can be used to circumvent execution limits. Alternatively, using a different script engine can also lead to remote code execution, as no execution limits are in place. Recommendations: For Apache NetBeans version 9.0, consider disabling the nashorn script engine or restricting its use to minimize the risk of exploitation until a patch is available. Additionally, avoid using the Proxy Auto-Configuration (PAC) interpretation feature in the NetBeans environment until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dojo Toolkit versions prior to 1.14 **Description** The issue is related to unescaped string injection in dojox/Grid/DataGrid, which can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. This is due to incorrect encoding or hiding of output data. **Recommendations** For versions prior to 1.14, update to version 1.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the dojox/Grid/DataGrid component until a patch is available.

Name of the Vulnerable Software and Affected Versions: ILIAS versions prior to 5.1.26 ILIAS versions 5.2.x prior to 5.2.15 ILIAS versions 5.3.x prior to 5.3.4 Description: The issue arises from inconsistencies in parameter handling, leading to instances of reflected cross-site-scripting. Recommendations: For versions prior to 5.1.26, update to version 5.1.26 or later. For versions 5.2.x prior to 5.2.15, update to version 5.2.15 or later. For versions 5.3.x prior to 5.3.4, update to version 5.3.4 or later.

Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 2.44 Jenkins versions prior to 2.32.2 Description: The issue involves a remote code execution vulnerability through the deserialization of various types in javax.imageio in XStream-based APIs. Recommendations: For versions prior to 2.44, update to version 2.44 or later. For versions prior to 2.32.2, update to version 2.32.2 or later.

**Name of the Vulnerable Software and Affected Versions** Apache Brooklyn versions prior to 0.10.0 **Description** The issue allows an authenticated user to cause the JVM running Apache Brooklyn to load and run Java code without detection. This could provide access to privileges of the Java process, including opening files and network connections, and executing system commands. A proof-of-concept exploit using this issue is known to exist. **Recommendations** For Apache Brooklyn versions prior to 0.10.0, update to version 0.10.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the SnakeYAML library or limiting the Java types available on the classpath to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Red5 Media Server versions prior to 1.0.8 **Description** The issue allows remote attackers to execute arbitrary code via crafted serialized Java data due to the lack of restriction on the classes for which deserialization is performed by the AMF unmarshallers. **Recommendations** For versions prior to 1.0.8, update to version 1.0.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apache Camel versions prior to 2.16.5 Apache Camel versions prior to 2.17.5 Apache Camel versions prior to 2.18.2 **Description** The issue concerns a Java object de-serialization vulnerability in Apache Camel's Jackson and JacksonXML unmarshalling operations, which can lead to Remote Code Execution attacks. De-serializing untrusted data can result in security flaws, as seen in similar Java de-serialization issues. **Recommendations** For versions prior to 2.16.5, upgrade to 2.16.5. For versions prior to 2.17.5, upgrade to 2.17.5. For versions prior to 2.18.2, upgrade to 2.18.2. As a temporary workaround, consider restricting the use of the `CamelJacksonUnmarshalType` property to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RESTEasy versions prior to 3.1.2 **Description** The issue is related to insufficient input validation in the YamlProvider component, which could allow an attacker to execute arbitrary code with RESTEasy application permissions by forcing the application into parsing a request with YamlProvider, resulting in the unmarshalling of potentially untrusted data. **Recommendations** For versions prior to 3.1.2, update to version 3.1.2 or later to resolve the issue. As a temporary workaround, consider disabling the YamlProvider component until a patch is available. Restrict access to the YamlProvider component to minimize the risk of exploitation.