Niv Levy

**Nome do software vulnerável e versões afetadas** Versões do SysAid anteriores à 23.2.14 b18 **Descrição** A vulnerabilidade permite a falsificação de solicitação do lado do servidor (SSRF), o que pode expor o hash NTLMv2 do usuário do sistema operacional local. **Recomendações** Para versões anteriores à 23.2.14 b18, atualize para a versão 23.2.14 b18 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso a recursos confidenciais para minimizar o risco de exploração.

**Name of the Vulnerable Software and Affected Versions** Sysaid (affected versions not specified) **Description** A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sysaid (affected versions not specified) **Description** The issue allows authenticated users to exfiltrate files from the server via an unspecified method. This is related to files or directories being accessible to external parties. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Guacamole versions 0.9.8 through 0.9.9 **Description** A cross-site scripting (XSS) issue exists in the file browser when file transfer is enabled to a shared location. This allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. **Recommendations** For Guacamole versions 0.9.8 and 0.9.9, update the guacamole.war file to the version fixed on 2016-01-13 to resolve the issue.