Pavel Toporkov

**Nome do software vulnerável e versões afetadas** Versões do OpenStack Neutron anteriores à 16.4.1 Versões do OpenStack Neutron 17.x anteriores à 17.2.1 Versões do OpenStack Neutron 18.x anteriores à 18.1.1 **Descrição** Foi descoberta uma vulnerabilidade no OpenStack Neutron. Invasores autenticados podem reconfigurar o dnsmasq por meio de um valor `extra dhcp opts` malicioso. **Recomendações** Para versões do OpenStack Neutron anteriores à 16.4.1, atualize para a versão 16.4.1 ou posterior. Para versões do OpenStack Neutron 17.x anteriores à 17.2.1, atualize para a versão 17.2.1 ou posterior. Para versões do OpenStack Neutron 18.x anteriores à 18.1.1, atualize para a versão 18.1.1 ou posterior. Como solução alternativa temporária, considere restringir o uso do valor `extra dhcp opts` para minimizar o risco de exploração.

**Name of the Vulnerable Software and Affected Versions** EN100 Ethernet module firmware variant PROFINET IO versions prior to V1.04.01 EN100 Ethernet module firmware variant Modbus TCP versions prior to V1.11.00 EN100 Ethernet module firmware variant DNP3 TCP versions prior to V1.03 EN100 Ethernet module firmware variant IEC 104 versions prior to V1.21 EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 versions prior to 1.02.02 SIPROTEC 7SJ686 versions prior to V 4.83 SIPROTEC 7UT686 versions prior to V 4.01 SIPROTEC 7SD686 versions prior to V 4.03 SIPROTEC 7SJ66 versions prior to V 4.20 **Description** A vulnerability has been identified that could allow remote attackers to obtain sensitive device information if network access is obtained. This issue affects the integrated web server of the affected devices, specifically on port 80/tcp. **Recommendations** For EN100 Ethernet module firmware variant PROFINET IO versions prior to V1.04.01, update to version V1.04.01 or later. For EN100 Ethernet module firmware variant Modbus TCP versions prior to V1.11.00, update to version V1.11.00 or later. For EN100 Ethernet module firmware variant DNP3 TCP versions prior to V1.03, update to version V1.03 or later. For EN100 Ethernet module firmware variant IEC 104 versions prior to V1.21, update to version V1.21 or later. For EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 versions prior to 1.02.02, update to version 1.02.02 or later. For SIPROTEC 7SJ686 versions prior to V 4.83, update to version V 4.83 or later. For SIPROTEC 7UT686 versions prior to V 4.01, update to version V 4.01 or later. For SIPROTEC 7SD686 versions prior to V 4.03, update to version V 4.03 or later. For SIPROTEC 7SJ66 versions prior to V 4.20, update to version V 4.20 or later.

**Name of the Vulnerable Software and Affected Versions** Firmware variant PROFINET IO for EN100 Ethernet module versions prior to V1.04.01 Firmware variant Modbus TCP for EN100 Ethernet module versions prior to V1.11.00 Firmware variant DNP3 TCP for EN100 Ethernet module versions prior to V1.03 Firmware variant IEC 104 for EN100 Ethernet module versions prior to V1.21 EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 versions prior to 1.02.02 **Description** A vulnerability has been identified that could allow remote attackers to obtain a limited amount of device memory content if network access was obtained, affecting the integrated web server on port 80/tcp of the affected devices. **Recommendations** For Firmware variant PROFINET IO for EN100 Ethernet module versions prior to V1.04.01, update to version V1.04.01 or later. For Firmware variant Modbus TCP for EN100 Ethernet module versions prior to V1.11.00, update to version V1.11.00 or later. For Firmware variant DNP3 TCP for EN100 Ethernet module versions prior to V1.03, update to version V1.03 or later. For Firmware variant IEC 104 for EN100 Ethernet module versions prior to V1.21, update to version V1.21 or later. For EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 versions prior to 1.02.02, update to version 1.02.02 or later. As a temporary workaround, consider restricting access to the integrated web server on port 80/tcp to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle Siebel CRM versions 8.1.1 and 8.2.2 **Description** The issue affects confidentiality and is related to the Portal Framework in the Siebel UI Framework component. The exact vectors of the attack are unknown. **Recommendations** For Oracle Siebel CRM version 8.1.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Oracle Siebel CRM version 8.2.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite versions 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3 **Description** The issue affects the integrity of the system, allowing remote attackers to exploit it via unknown vectors related to the View Payslip feature in the Oracle Payroll component. **Recommendations** For Oracle E-Business Suite version 11.5.10.2, update to a version that includes the fix for this issue. For Oracle E-Business Suite version 12.0.6, update to a version that includes the fix for this issue. For Oracle E-Business Suite versions 12.1.1, 12.1.2, 12.1.3, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite versions 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 **Description** The issue affects confidentiality and integrity, and it is related to Campaign Management in the Oracle Marketing component. The exact nature of the vulnerability and the vectors used for exploitation are not specified. **Recommendations** For Oracle E-Business Suite version 11.5.10.2, update to a version that includes the fix for this issue. For Oracle E-Business Suite version 12.0.6, update to a version that includes the fix for this issue. For Oracle E-Business Suite version 12.1.1, update to a version that includes the fix for this issue. For Oracle E-Business Suite version 12.1.2, update to a version that includes the fix for this issue. For Oracle E-Business Suite version 12.1.3, update to a version that includes the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite versions 11.5.10.2, 12.0.6, and 12.1.3 **Description** The issue affects confidentiality and integrity, allowing remote attackers to exploit it via unknown vectors related to the Application Framework in the Oracle CRM Technical Foundation component. **Recommendations** For Oracle E-Business Suite version 11.5.10.2, update to a version that includes the fix for this issue. For Oracle E-Business Suite version 12.0.6, update to a version that includes the fix for this issue. For Oracle E-Business Suite version 12.1.3, update to a version that includes the fix for this issue.