0Xbytehunter

#20612 of 53,622
12.3 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2025-17626
5.8
2025-04-23
Ivanti · Ivanti Landesk Management Gateway · CVE-2025-43716
**Name of the Vulnerable Software and Affected Versions**
Ivanti LANDesk Management Gateway versions 4.2-1.9

**Description**
A directory traversal issue exists, allowing an attacker to bypass access controls and gain unauthorized access to various endpoints within the management web panel by appending `%3F.php` to the URI of the `/client/index.php` endpoint. This could potentially expose sensitive device information.

**Recommendations**
For versions 4.2-1.9, consider restricting access to the `/client/index.php` endpoint until a fix is available. As a temporary workaround, avoid using the `/client/index.php` endpoint with appended parameters like `%3F.php` to minimize the risk of exploitation.
PT-2025-2896
6.5
2025-01-17
Unknown · Becon Datagerry · CVE-2024-50967
**Name of the Vulnerable Software and Affected Versions**
Becon DATAGerry versions prior to 2.3

**Description**
The `/rest/rights/` REST API endpoint contains an Incorrect Access Control issue, allowing an attacker to remotely access this endpoint without authentication. This leads to the unauthorized disclosure of sensitive information.

**Recommendations**
For versions prior to 2.3, update to version 2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `/rest/rights/` endpoint until a patch is available.