Paul Taylor

**Name of the Vulnerable Software and Affected Versions** Dell EMC RecoverPoint versions prior to 5.1.2.1 Dell EMC RecoverPoint for VMs versions prior to 5.2.0.2 **Description** The issue allows a malicious `boxmgmt` user to potentially determine the existence of any system file via `Boxmgmt CLI`. This is an information disclosure issue. **Recommendations** For Dell EMC RecoverPoint versions prior to 5.1.2.1, update to version 5.1.2.1 or later. For Dell EMC RecoverPoint for VMs versions prior to 5.2.0.2, update to version 5.2.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** Dell EMC RecoverPoint versions prior to 5.1.2.1 Dell EMC RecoverPoint for VMs versions prior to 5.2.0.2 **Description** The issue allows a malicious `boxmgmt` user to potentially consume a large amount of CPU bandwidth, making the system slow. It may also enable the determination of the existence of any system file via `Boxmgmt CLI`. **Recommendations** For Dell EMC RecoverPoint versions prior to 5.1.2.1, update to version 5.1.2.1 or later. For Dell EMC RecoverPoint for VMs versions prior to 5.2.0.2, update to version 5.2.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** Dell EMC RecoverPoint versions prior to 5.1.2 Dell EMC RecoverPoint for VMs versions prior to 5.1.1.3 **Description** The issue allows an unauthenticated remote attacker to potentially execute arbitrary commands on the affected system with root privilege due to a command injection vulnerability. **Recommendations** For Dell EMC RecoverPoint versions prior to 5.1.2, update to version 5.1.2 or later. For Dell EMC RecoverPoint for VMs versions prior to 5.1.1.3, update to version 5.1.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Dell EMC RecoverPoint versions prior to 5.1.2 Dell EMC RecoverPoint for VMs versions prior to 5.1.1.3 **Description** The issue may cause an LDAP password to be leaked in plain-text into the log file under certain conditions. An authenticated malicious user with access to the log files may obtain the exposed password for use in further attacks. **Recommendations** For Dell EMC RecoverPoint versions prior to 5.1.2, update to version 5.1.2 or later to resolve the issue. For Dell EMC RecoverPoint for VMs versions prior to 5.1.1.3, update to version 5.1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the RecoverPoint log files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** EMC RecoverPoint for Virtual Machines versions prior to 5.1.1 EMC RecoverPoint version 5.1.0.0 EMC RecoverPoint versions prior to 5.0.1.3 **Description** An issue was discovered that allows a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges due to a command injection vulnerability in the Admin CLI. **Recommendations** For EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, update to version 5.1.1 or later. For EMC RecoverPoint version 5.1.0.0, update to a version later than 5.1.0.0. For EMC RecoverPoint versions prior to 5.0.1.3, update to version 5.0.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Telerik UI for ASP.NET AJAX versions prior to R1 2017 Telerik UI for ASP.NET AJAX R2 versions prior to R2 2017 SP2 **Description** The issue is related to weak encryption in RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. This can be exploited by a remote attacker to upload files or execute code. **Recommendations** For versions prior to R1 2017, update to R1 2017 or later to resolve the issue. For R2 versions prior to R2 2017 SP2, update to R2 2017 SP2 or later to resolve the issue. As a temporary workaround, consider disabling the RadAsyncUpload feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Progress Telerik UI for ASP.NET AJAX versions prior to R2 2017 SP2 **Description** The issue is related to insufficient input validation in the RadAsyncUpload component, allowing remote attackers to perform arbitrary file uploads or execute arbitrary code. This can be exploited by a remote attacker to gain unauthorized access or execute malicious code. **Recommendations** For versions prior to R2 2017 SP2, update to R2 2017 SP2 or later to resolve the issue. As a temporary workaround, consider restricting access to the RadAsyncUpload component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NfSen versions prior to 1.3.8 **Description** The issue allows remote attackers to execute arbitrary OS commands via shell metacharacters in the `customfmt` parameter, also known as the "Custom output format" field. **Recommendations** For versions prior to 1.3.8, update to version 1.3.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the `customfmt` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Progress Telerik UI for ASP.NET AJAX versions prior to R2 2017 SP1 Sitefinity versions prior to 10.0.6412.0 **Description** The issue is related to insufficient protection of registration data in the Telerik.Web.UI.dll library, which is part of the Telerik UI for ASP.NET AJAX and Sitefinity content management system. This weakness can be exploited by a remote attacker to reveal encryption keys, specifically `Telerik.Web.UI.DialogParametersEncryptionKey` and/or `MachineKey`. This can lead to a MachineKey leak, arbitrary file uploads or downloads, cross-site scripting (XSS), or ASP.NET ViewState compromise. **Recommendations** For Progress Telerik UI for ASP.NET AJAX versions prior to R2 2017 SP1, update to R2 2017 SP1 or later. For Sitefinity versions prior to 10.0.6412.0, update to 10.0.6412.0 or later. As a temporary workaround, consider restricting access to the `Telerik.Web.UI.DialogParametersEncryptionKey` and `MachineKey` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BMC Server Automation versions prior to 8.6 SP1 Patch 2 BMC Server Automation versions prior to 8.7 Patch 3 **Description** The issue allows remote attackers to bypass authorization checks and make an RPC call. **Recommendations** For versions prior to 8.6 SP1 Patch 2, update to 8.6 SP1 Patch 2 or later. For versions prior to 8.7 Patch 3, update to 8.7 Patch 3 or later.

**Name of the Vulnerable Software and Affected Versions** AlienVault USM (Unified Security Management) and OSSIM (Open Source Security Information Management) (affected versions not specified) NfSen (affected versions not specified) **Description** The issue is related to insufficient access control in the web interface of the affected systems, allowing a remote attacker to exploit the weakness, potentially leading to privilege escalation and arbitrary code execution by resetting privilege settings. **Recommendations** For AlienVault USM and OSSIM, restrict access to the web interface until a fix is available. For NfSen, consider disabling remote access to the web interface as a temporary workaround. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AlienVault USM and OSSIM versions prior to 5.3.7 NfSen versions prior to 1.3.8 **Description** The issue allows remote authenticated users to execute arbitrary commands in a privileged context or launch a reverse shell. This is achieved through vectors involving the PHP session ID and the NfSen PHP code. **Recommendations** For AlienVault USM and OSSIM versions prior to 5.3.7, update to version 5.3.7 or later. For NfSen versions prior to 1.3.8, update to version 1.3.8 or later.

**Name of the Vulnerable Software and Affected Versions** AlienVault USM and OSSIM versions prior to 5.3.7 NfSen versions prior to 1.3.8 **Description** The issue allows local users to execute arbitrary commands in a privileged context via an NfSen socket. **Recommendations** For AlienVault USM and OSSIM versions prior to 5.3.7, update to version 5.3.7 or later. For NfSen versions prior to 1.3.8, update to version 1.3.8 or later.

**Name of the Vulnerable Software and Affected Versions** Redgate SQL Monitor versions prior to 3.10 Redgate SQL Monitor versions 4.x prior to 4.2 **Description** A remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise, provided Microsoft SQL Server is running with local administrator privileges. **Recommendations** For Redgate SQL Monitor versions prior to 3.10, update to version 3.10 or later. For Redgate SQL Monitor versions 4.x prior to 4.2, update to version 4.2 or later. As a temporary workaround, consider restricting the privileges of the account used by the Base Monitor to connect to Microsoft SQL Server machines to minimize the risk of exploitation.