Aamir Rehman Yousafzai

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite versions 12.2.3 through 12.2.14 **Description** The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle iStore, resulting in unauthorized access to critical data or complete access to all Oracle iStore accessible data. **Recommendations** For versions 12.2.3 through 12.2.14, update to a version that includes the fix for this issue to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite versions 12.2.4 through 12.2.14 **Description** The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle User Management, resulting in unauthorized access to critical data or complete access to all Oracle User Management accessible data. **Recommendations** For versions 12.2.4 through 12.2.14, update to a version that includes the fix for this issue to prevent unauthorized access. As a temporary workaround, consider restricting access to the Search and Register Users component until a patch is available. Restrict network access via HTTP to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Avaya Aura Experience Portal Manager versions 8.0.x through 8.1.x prior to 8.1.2 patch 0402 Avaya Aura Experience Portal Manager versions prior to 8.0 **Description** Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager, which may allow partial information disclosure to an authenticated non-privileged user. **Recommendations** For Avaya Aura Experience Portal Manager versions 8.0.x through 8.1.x prior to 8.1.2 patch 0402, apply patch 0402 to resolve the issue. For Avaya Aura Experience Portal Manager versions prior to 8.0, consider upgrading to a supported version, as these versions are end of manufacturer support.

**Name of the Vulnerable Software and Affected Versions** Avaya Call Management System (CMS) Supervisor (affected versions not specified) **Description** A CSV injection issue was found in the Avaya Call Management System (CMS) Supervisor web application, allowing a user with administrative privileges to input crafted data. When this data is exported to a CSV file and opened by a spreadsheet software such as Microsoft Excel, it may attempt arbitrary command execution on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netskope version 75.0 **Description** A CSV injection vulnerability in the Admin portal allows an unauthenticated user to inject a malicious payload, potentially compromising the admin's system. **Recommendations** For Netskope version 75.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.