Andreas Pfefferle

Name of the Vulnerable Software and Affected Versions VertiGIS FM (affected versions not specified) Description A reflected cross-site scripting (XSS) vulnerability exists in the dashboard search functionality. Attackers can create a malicious URL that, when visited by an authenticated user, executes arbitrary JavaScript code within the user's session. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions VertiGIS FM version 10.5.00119 (0d29d428) Description A local file inclusion issue exists in the upload/download functionality of VertiGIS FM. Authenticated attackers can read arbitrary files from the server by manipulating a file's path during upload. Downloading the file then returns the attacker-controlled file. The ASP.NET architecture may allow for remote code execution if the `web.config` file is obtained. UNC path resolution may also enable NTLM-relaying attacks. Recommendations Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpLDAPadmin versions 1.2.1 through 1.2.6.7 **Description** A reflected cross-site scripting (XSS) issue in the 'Entry Chooser' of phpLDAPadmin allows attackers to execute arbitrary JavaScript in the user's browser via the `element` parameter, which is unsafely passed to the JavaScript `eval` function. However, exploitation is limited to specific conditions where `opener` is correctly set. **Recommendations** For phpLDAPadmin versions 1.2.1 through 1.2.6.7, as a temporary workaround, consider restricting the use of the 'Entry Chooser' feature until a patch is available. Avoid using the `element` parameter in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpLDAPadmin versions 1.2.0 through 1.2.6.7 **Description** The issue allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. This could lead to CSV Formula Injection. **Recommendations** For phpLDAPadmin versions 1.2.0 through 1.2.6.7, consider disabling the export functionality to CSV files until a patch is available to neutralize special elements. Restrict access to the export feature to minimize the risk of exploitation. Avoid opening CSV files exported from the LDAP directory in spreadsheet products that could interpret special elements as commands.

**Name of the Vulnerable Software and Affected Versions** Bludit (affected versions not specified) **Description** The issue concerns the use of the SHA-1 hashing algorithm to compute password hashes, which allows attackers to determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. Additionally, the salt generated by Bludit is computed with a non-cryptographically secure function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bludit (affected versions not specified) **Description** The issue concerns the use of predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens, such as the API token and the `user token`. This allows attackers to authenticate against the Bludit API. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bludit (affected versions not specified) **Description** A security issue has been identified, allowing attackers with knowledge of the API token to upload arbitrary files through the "File API" which leads to arbitrary code execution on the server. This issue arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bludit (affected versions not specified) **Description** A security issue has been identified, allowing authenticated attackers to execute arbitrary code through the "Image API" endpoint. This issue arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bludit (affected versions not specified) **Description** A session fixation issue allows an attacker to bypass the server's authentication by tricking an administrator or any user into authorizing a session ID of their choosing. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Cloud Pak for Data versions 4.5 through 4.6 **Description** The issue allows a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. **Recommendations** For versions 4.5 and 4.6, consider restricting file upload capabilities to prevent the processing of malicious files until a patch is available. As a temporary workaround, limit the privileges of users who can upload files to minimize the risk of exploitation.