Aleksey-Vi

#16434 of 53,633
Total CVSS: 16.3
Vulnerabilities: 2 (Medium: 1, Critical: 1)

PT-2024-28806
CVSS: 9.8
Date: 2024-07-25
E-Staff · E-Staff · CVE-2024-40324

**Name of the Vulnerable Software and Affected Versions**
E-Staff version 5.1

**Description**
A CRLF injection issue allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation.

**Recommendations**
For E-Staff version 5.1, update to a version that fixes this issue, as the current version allows for CRLF injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2023-30457
CVSS: 6.5
Date: 2023-11-10
Knovos · Knovos Discovery · CVE-2023-47459

**Name of the Vulnerable Software and Affected Versions**
Knovos Discovery version 22.67.0

**Description**
An issue in the software allows a remote attacker to obtain sensitive information via the "/DiscoveryReview/Service/CaseManagement.svc/GetProductSiteName" component.

**Recommendations**
For Knovos Discovery version 22.67.0, consider restricting access to the "/DiscoveryReview/Service/CaseManagement.svc/GetProductSiteName" component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.