Pablo Arias Rodriguez

**Name of the Vulnerable Software and Affected Versions** Arconte Áurea version 1.5.0.0 **Description** The issue allows an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the operating system. **Recommendations** For version 1.5.0.0, consider applying security patches or updates to fix the SQL injection vulnerability, as this would prevent an attacker from exploiting the issue to access or modify sensitive data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Arconte Áurea version 1.5.0.0 **Description** The issue is a reflected and persistent XSS vulnerability that could allow an attacker to inject malicious JavaScript code. This could compromise the victim's browser, take control of it, redirect the user to malicious domains, or access information being viewed by the legitimate user. **Recommendations** For Arconte Áurea version 1.5.0.0, consider disabling JavaScript execution in the browser as a temporary workaround until a patch is available. Restrict access to sensitive information and avoid using the software until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ARCONTE Aurea version 1.5.0.0 **Description** The authentication system could allow an attacker to make incorrect access requests, blocking each legitimate account and causing a denial of service. A resource has been identified that could allow circumventing the attempt limit set in the login form. **Recommendations** For version 1.5.0.0, consider restricting access to the login form to minimize the risk of exploitation. As a temporary workaround, limit the number of incorrect access requests to prevent denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Arconte Áurea version 1.5.0.0 **Description** The issue allows an attacker to obtain a list of registered users in the application, which could be used to perform more complex attacks on the platform. This is a user enumeration vulnerability, where an attacker can exploit it to gain necessary information about the users. **Recommendations** For Arconte Áurea version 1.5.0.0, consider restricting access to user registration information as a temporary workaround until a patch is available. Avoid using any functionality that may reveal user enumeration data to unauthorized parties. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fujitsu Arconte Áurea version 1.5.0.0 **Description** The issue is related to a weak password recovery mechanism, which could allow an attacker to perform a brute force attack on the emailed PIN number in order to change the password of a legitimate user. **Recommendations** For Fujitsu Arconte Áurea version 1.5.0.0, consider temporarily restricting the use of the password recovery mechanism until a patch is available. As a mitigation measure, restrict access to the password recovery feature to minimize the risk of exploitation.