Nikita Mikhalevskiy

**Name of the Vulnerable Software and Affected Versions** Oracle Siebel CRM versions 8.1.1 through 8.2.2 **Description** The issue affects confidentiality and can be exploited by remote authenticated users via unknown vectors related to Web Services in the Siebel Core - EAI component. **Recommendations** For versions 8.1.1 and 8.2.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Siebel CRM versions 8.1.1 through 8.2.2 **Description** The issue affects confidentiality and can be exploited by remote attackers via unknown vectors related to Web Services in the Siebel Core - EAI component. **Recommendations** For Oracle Siebel CRM version 8.1.1, update to a version that includes the fix for this issue. For Oracle Siebel CRM version 8.2.2, update to a version that includes the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Oracle Siebel CRM versions 8.1.1 through 8.2.2 **Description** The issue affects confidentiality and integrity, and it is related to the Integration - Scripting component in the Siebel Core - Server BizLogic Script. The exact nature of the vulnerability and the vectors used for exploitation are not specified. **Recommendations** For Oracle Siebel CRM version 8.1.1, update to a version that contains a fix for this issue. For Oracle Siebel CRM version 8.2.2, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Invensys Wonderware Information Server (WIS) versions 4.0 SP1 through 5.0 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For Invensys Wonderware Information Server (WIS) versions 4.0 SP1 through 5.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Invensys Wonderware Information Server (WIS) versions 4.0 SP1 through 5.0 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to unrestricted size and amount values. **Recommendations** For versions 4.0 SP1 through 5.0, restrict size and amount values to prevent remote attackers from executing arbitrary code or causing a denial of service.

**Name of the Vulnerable Software and Affected Versions** Invensys Wonderware Information Server (WIS) version 4.0 SP1 Invensys Wonderware Information Server (WIS) versions 4.5 through 5.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For Invensys Wonderware Information Server (WIS) version 4.0 SP1, update to a version that includes a fix for this issue. For Invensys Wonderware Information Server (WIS) versions 4.5 through 5.0, update to a version that includes a fix for this issue.