Abel Iglesias Iglesias

**Name of the Vulnerable Software and Affected Versions** CyberArk Privileged Access Manager Self-Hosted versions prior to 14.4 **Description** The issue arises from inadequate handling of environment problems that can lead to Host header injection. This can potentially allow attackers to manipulate the `Host` header, which could lead to security issues. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions prior to 14.4, update to version 14.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the PVWA (Password Vault Web Access) to minimize the risk of exploitation. Avoid using the `Host` header in sensitive operations until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** opentext Service Management Automation X (SMAX) versions 2020.05 through 2022.11 opentext Asset Management X (AMX) versions 2021.08 through 2022.11 **Description** The issue is an open redirect vulnerability that could allow attackers to redirect a user to malicious websites. **Recommendations** For opentext Service Management Automation X (SMAX) versions 2020.05 through 2022.11, update to a version that contains a fix for this issue. For opentext Asset Management X (AMX) versions 2021.08 through 2022.11, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JavaMelody versions prior to 1.60.1 **Description** The issue allows for XSS via the `counter` parameter in a `clear counter` action to the "/monitoring" API endpoint. **Recommendations** For JavaMelody versions prior to 1.60.1, update to version 1.60.1 or later to resolve the issue.