An Trinh

Researcher from Calif
#3223 of 53,632
78.8 Total CVSS
Vulnerabilities · 9: Medium 1, High 3, Critical 5
PT-2024-1295
8.3
2024-01-14
Argo Cd · Argo Cd · CVE-2024-22424
**Name of the Vulnerable Software and Affected Versions**

Argo CD versions prior to 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15

**Description**

The issue is a cross-site request forgery (CSRF) attack. An attacker can trick an authenticated Argo CD user into loading a web page that contains code to call Argo CD API endpoints on the victim's behalf. This can be done by sending a link to a page that looks harmless but in the background calls an Argo CD API endpoint to create an application running malicious code. The attack is possible when the attacker has the ability to write HTML to a page on the same parent domain as Argo CD.

The `Content-Type` header is not properly validated, allowing an attacker to bypass the browser's CORS check by setting the content type to something considered "not sensitive", such as `text/plain`. The browser then sends no preflight request, and Argo CD accepts the contents and performs the requested action.

**Recommendations**

To resolve the issue, upgrade to one of the following versions: 2.10-rc2, 2.9.4, 2.8.8, or 2.7.15. Note that the patch contains a breaking API change: the Argo CD API will no longer accept non-GET requests that do not specify `application/json` as their `Content-Type`. The list of accepted content types is configurable, but disabling the content type check completely is discouraged.

As a temporary workaround, consider restricting access to the Argo CD API endpoints to minimize the risk of exploitation. Avoid using the `Content-Type` header with values other than `application/json` in the affected API endpoints until the issue is resolved.
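The fix described above is a server-side check: the browser treats a `text/plain` POST as a simple request and sends it without a preflight, so the API itself has to refuse it. A minimal Go middleware showing that check, as an added example that is not Argo CD's actual patch; `enforceContentType`, `status` and the `/api/example` path are hypothetical names.

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
	"net/http/httptest"
	"strings"
)

// enforceContentType rejects non-GET requests whose Content-Type is not in
// allowed. Hypothetical helper for illustration, not Argo CD's implementation.
func enforceContentType(next http.Handler, allowed ...string) http.Handler {
	ok := make(map[string]bool, len(allowed))
	for _, a := range allowed {
		ok[strings.ToLower(a)] = true
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Only GET is exempt, matching the advisory's "non-GET requests".
		if r.Method != http.MethodGet {
			// ParseMediaType drops parameters such as "; charset=utf-8" and
			// lower-cases the type; a missing or malformed header is an error.
			mt, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
			if err != nil || !ok[mt] {
				http.Error(w, "unsupported content type", http.StatusUnsupportedMediaType)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// status sends one constructed request through the guard and returns the HTTP status.
func status(method, contentType string) int {
	api := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK) // stands in for a state-changing API endpoint
	})
	req := httptest.NewRequest(method, "/api/example", strings.NewReader(`{"name":"demo"}`))
	if contentType != "" {
		req.Header.Set("Content-Type", contentType)
	}
	rec := httptest.NewRecorder()
	enforceContentType(api, "application/json").ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status("POST", "text/plain"))       // 415: the preflight-free request is refused
	fmt.Println(status("POST", "application/json")) // 200
}
```

A cross-origin page that switches to `application/json` to pass this check makes the request non-simple, so the browser sends a preflight first and the server's CORS policy decides whether it proceeds.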
PT-2020-9185
9.1
2020-07-31
Vmware · Vmware Gemfire · CVE-2019-11286
**Name of the Vulnerable Software and Affected Versions**

- VMware GemFire versions prior to 9.10.0
- VMware GemFire versions 9.9.1 and earlier
- VMware GemFire versions 9.8.5 and earlier
- VMware GemFire versions 9.7.5 and earlier
- VMware Tanzu GemFire for VMs versions prior to 1.11.0
- VMware Tanzu GemFire for VMs versions 1.10.1 and earlier
- VMware Tanzu GemFire for VMs versions 1.9.2 and earlier
- VMware Tanzu GemFire for VMs versions 1.8.2 and earlier

**Description**

The JMX service in the affected software is available to the network and does not properly restrict input. A remote authenticated malicious user may send a request to the service with a crafted set of credentials, leading to remote code execution.

**Recommendations**

- For VMware GemFire versions prior to 9.10.0, update to version 9.10.0 or later.
- For VMware GemFire versions 9.9.1 and earlier, update to version 9.9.1 or later, but since 9.10.0 is available, update to 9.10.0 or later.
- For VMware GemFire versions 9.8.5 and earlier, update to version 9.8.5 or later, but since 9.10.0 is available, update to 9.10.0 or later.
- For VMware GemFire versions 9.7.5 and earlier, update to version 9.7.5 or later, but since 9.10.0 is available, update to 9.10.0 or later.
- For VMware Tanzu GemFire for VMs versions prior to 1.11.0, update to version 1.11.0 or later.
- For VMware Tanzu GemFire for VMs versions 1.10.1 and earlier, update to version 1.10.1 or later, but since 1.11.0 is available, update to 1.11.0 or later.
- For VMware Tanzu GemFire for VMs versions 1.9.2 and earlier, update to version 1.9.2 or later, but since 1.11.0 is available, update to 1.11.0 or later.
- For VMware Tanzu GemFire for VMs versions 1.8.2 and earlier, update to version 1.8.2 or later, but since 1.11.0 is available, update to 1.11.0 or later.

As a temporary workaround, consider restricting access to the JMX service to minimize the risk of exploitation.
PT-2020-9186
7.3
2020-01-27
Pivotal · Pivotal Tc Runtimes · CVE-2019-11288
**Name of the Vulnerable Software and Affected Versions**

- Pivotal tc Server versions 3.x prior to 3.2.19
- Pivotal tc Server versions 4.x prior to 4.0.10
- Pivotal tc Runtimes versions 7.x prior to 7.0.99.B
- Pivotal tc Runtimes versions 8.x prior to 8.5.47.A
- Pivotal tc Runtimes versions 9.x prior to 9.0.27.A

**Description**

A local attacker without access to the tc Runtime process or configuration files can manipulate the RMI registry to perform a man-in-the-middle attack. This allows the attacker to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the tc Runtime instance. This issue occurs when a tc Runtime instance is configured with the JMX Socket Listener.

**Recommendations**

- For Pivotal tc Server versions 3.x prior to 3.2.19, update to version 3.2.19 or later.
- For Pivotal tc Server versions 4.x prior to 4.0.10, update to version 4.0.10 or later.
- For Pivotal tc Runtimes versions 7.x prior to 7.0.99.B, update to version 7.0.99.B or later.
- For Pivotal tc Runtimes versions 8.x prior to 8.5.47.A, update to version 8.5.47.A or later.
- For Pivotal tc Runtimes versions 9.x prior to 9.0.27.A, update to version 9.0.27.A or later.

As a temporary workaround, consider disabling the JMX Socket Listener until a patch is available. Restrict access to the JMX interface to minimize the risk of exploitation.