Octav Opaschi

**Nome do software vulnerável e versões afetadas: Confluent Ansible (cp-ansible), versões 5.5.0 a 6.0.0 Descrição: A vulnerabilidade permite que invasores locais acessem informações confidenciais, incluindo chaves privadas e o banco de dados de estado, devido a permissões inseguras. Recomendações: Para as versões 5.5.0 a 6.0.0, atualize as permissões para proteger informações confidenciais, garantindo que apenas o acesso autorizado seja permitido às chaves privadas e ao banco de dados de estado. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas: Confluent Ansible (cp-ansible), versões 5.5.0 a 6.0.0 Descrição: O problema está relacionado a um controle de acesso incorreto por meio de um componente auxiliar, permitindo que invasores remotos acessem informações confidenciais. Recomendações: Para as versões 5.5.0 a 6.0.0, atualize para uma versão que corrija o problema de controle de acesso incorreto para impedir que invasores remotos acessem informações confidenciais.

**Name of the Vulnerable Software and Affected Versions** Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode (affected versions not specified) **Description** A vulnerability could allow an authenticated, remote attacker to access sensitive information. The issue occurs because the affected software does not properly validate user-supplied input. An attacker could exploit this by issuing certain commands with filtered query results on the device, potentially causing returned messages to display confidential system information. A successful exploit could allow the attacker to read sensitive information on the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Application Policy Infrastructure Controller versions prior to 4.2(0.21c) **Description** The issue is related to insufficient access control when connecting via IPv6, which could allow an attacker to gain unauthorized access to the device. This is due to a lack of proper access control mechanisms for IPv6 link-local connectivity imposed on the management interface of an affected device. An attacker on the same physical network could exploit this by attempting to connect to the IPv6 link-local address on the affected device, potentially bypassing default access control restrictions. **Recommendations** For versions prior to 4.2(0.21c), update to version 4.2(0.21c) or later to resolve the issue. As a temporary workaround, consider restricting access to the management interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cordaware bestinformed Microsoft Windows client versions prior to 6.2.1.0 **Description** The issue is related to insecure implementations in the Scripting and AutoUpdate functionality, allowing remote attackers to execute arbitrary commands and escalate privileges. **Recommendations** For versions prior to 6.2.1.0, update to version 6.2.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows client versions prior to 6.2.1.0 **Description** The issue concerns insecure SSL certificate verification and insecure access patterns, allowing remote attackers to downgrade encrypted connections to cleartext. **Recommendations** For versions prior to 6.2.1.0, update to version 6.2.1.0 or later to resolve the issue.