Nguyễn Tiến Giang

**Name of the Vulnerable Software and Affected Versions** Inductive Automation Ignition (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. The specific flaw exists within the `downloadLaunchClientJar` function, which lacks validation of a remote JAR file prior to loading it. An attacker can leverage this vulnerability to execute code in the context of the current user. User interaction is required to exploit this vulnerability, as the target must connect to a malicious server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server versions prior to 16.0.10399.20005 **Description** This issue is an elevation of privilege vulnerability in Microsoft SharePoint Server that allows attackers to affect the system. The vulnerability enables remote attackers to gain administrator privileges by circumventing authentication using spoofed JWT auth tokens. This flaw is actively exploited and has been observed in attacks, with reports of successful exploitation attempts. The vulnerability has been exploited in conjunction with other flaws to enable remote code execution. Approximately 2500 internet-connected SharePoint servers globally are estimated to be vulnerable, with around 650 located in Russia. The vulnerability is tracked as CVE-2023-29357. Exploitation involves targeting the `/api/web/siteusers` endpoint. **Recommendations** Update Microsoft SharePoint Server to version 16.0.10399.20005 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server (affected versions not specified) **Description** The issue is related to a remote code execution vulnerability in Microsoft SharePoint Server. This vulnerability allows an authenticated attacker with Site Owner privileges to execute arbitrary code. The vulnerability is being actively exploited in the wild. According to some sources, over 43,658 targets related to this vulnerability were discovered using ZoomEye. The vulnerability can be exploited together with another issue to bypass authentication and use the SharePoint API with administrator privileges. A public exploit is available that uses both vulnerabilities. **Recommendations** As a temporary workaround, consider disabling the vulnerable functionality until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Apply the patch released by Microsoft in May 2023 to the latest secure version. Federal agencies must apply fixes by April 16, 2024. At the moment, there is no information about a newer version that contains a fix for this vulnerability, but it is recommended to update to the latest secure version.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server (affected versions not specified) **Description** The issue is related to an information disclosure vulnerability in Microsoft SharePoint Server. This vulnerability is associated with a lack of protection for service data. Exploitation of the vulnerability could allow a remote attacker to disclose protected information. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Exchange Server (affected versions not specified) **Description** The issue is related to incorrect code generation management in Microsoft Exchange Server, allowing a remote attacker to execute arbitrary code by sending a specially crafted request. This can affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.