Aamir Rehman

**Name of the Vulnerable Software and Affected Versions** IT Solutions Enjay CRM OS version 1.0 **Description** The issue in the Hardware info module allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system. **Recommendations** For IT Solutions Enjay CRM OS version 1.0, consider restricting access to the Hardware info module until a patch is available. As a temporary workaround, disabling the Hardware info module may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IT Solutions Enjay CRM OS version 1.0 **Description** The issue in the Ping feature allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system. **Recommendations** For IT Solutions Enjay CRM OS version 1.0, consider disabling the Ping feature as a temporary workaround until a patch is available. Restrict access to the terminal environment to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle WebCenter Content versions 12.2.1.4.0 **Description** The issue is related to insufficient input validation in the Content Server component of Oracle WebCenter Content, allowing a remote attacker to gain access to confidential information. Successful exploitation can result in unauthorized read access to a subset of Oracle WebCenter Content accessible data. **Recommendations** For version 12.2.1.4.0, update to a newer version that contains a fix for this issue to prevent unauthorized access to confidential information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Granding UTime Master version 9.0.7-Build:Apr 4,2023 **Description** A stored cross-site scripting issue in the Create A New Employee function allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `First Name` parameter. **Recommendations** For Granding UTime Master version 9.0.7-Build:Apr 4,2023, consider disabling the Create A New Employee function until a patch is available to prevent exploitation. Restrict access to this function to minimize the risk of arbitrary web script or HTML execution. Avoid using the `First Name` parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GRANDING UTime Master version 9.0.7-Build:Apr 4,2023 **Description** The issue is related to an indirect object reference (IDOR) that allows authenticated attackers to access sensitive information. This is achieved via a crafted cookie. **Recommendations** For GRANDING UTime Master version 9.0.7-Build:Apr 4,2023, consider restricting access to sensitive information until a patch is available. As a temporary workaround, avoid using crafted cookies to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ZKBio ECO ADMS versions 3.1-164 and earlier **Description** The issue is related to Cross Site Scripting (XSS), which is a type of security vulnerability that can be exploited by attackers to inject malicious scripts into websites or web applications. **Recommendations** For versions 3.1-164 and earlier, update to a version later than 3.1-164 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZKBio Time version 8.0.7 **Description** A CSV injection issue allows attackers to execute arbitrary code via a crafted payload injected into the `Content` text field of the `Add New Message` module. **Recommendations** For version 8.0.7, consider disabling the `Add New Message` module until a patch is available to prevent exploitation of the CSV injection issue. Restrict access to the `Content` text field to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Invicti Acunetix versions prior to 14 **Description** The issue allows CSV injection via the `Description` field on the Add Targets page, specifically when the Export CSV feature is used. This can occur when using the `/api` endpoint for target management, although the exact endpoint is not specified. The `Description` field is vulnerable to injection, potentially allowing malicious data to be inserted into CSV exports. **Recommendations** For Invicti Acunetix versions prior to 14, update to version 14 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the Export CSV feature until the update is applied. Additionally, restrict access to the Add Targets page and the Description field to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ericsson ECM versions prior to 18.0 **Description** The Security Management Endpoint in the User Profile Management Section is vulnerable to stored XSS via a `name`, leading to session hijacking and full account takeover. **Recommendations** For versions prior to 18.0, update to version 18.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Security Management Endpoint in the User Profile Management Section to minimize the risk of exploitation. Avoid using the `name` field in a way that could introduce malicious content until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Ericsson ECM versions prior to 18.0 **Description** The issue is related to a CSV Injection vulnerability in the Security Provider Endpoint within the User Profile Management Section. **Recommendations** For versions prior to 18.0, update to version 18.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Security Provider Endpoint in the User Profile Management Section until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Ericsson BSCS iX R18 Billing & Rating iX R18 **Description** The issue concerns a stored XSS vulnerability in the MX web-based module of Ericsson BSCS iX, specifically via an Alert Dashboard comment. This vulnerability can potentially lead to session hijacking, allowing for full account takeover. Additionally, it may enable exploiting admins' browsers using the beef framework. **Recommendations** For Ericsson BSCS iX R18 Billing & Rating iX R18, consider disabling the Alert Dashboard comment feature in the MX module until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to the MX module to minimize the risk of session hijacking and subsequent account takeover. Avoid using the Alert Dashboard comment feature in the affected module until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Ericsson BSCS iX R18 Billing & Rating iX R18 **Description** The issue concerns a stored XSS vulnerability in the ADMX web-based module, specifically via the `name` or `description` field in the `solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group` endpoint. This vulnerability can potentially lead to session hijacking, allowing for full account takeover or exploiting administrators' browsers using the beef framework. **Recommendations** For Ericsson BSCS iX R18 Billing & Rating iX R18, consider disabling access to the vulnerable `solutionUnitServlet` endpoint until a fix is available, and restrict input for the `name` and `description` fields to prevent XSS attacks.