Andy Olchawa

**Name of the Vulnerable Software and Affected Versions** NASA CryptoLib version 1.3.0 **Description** The issue is related to an Out-of-Bounds read via the TM subsystem in the crypto tm.c file. **Recommendations** For NASA CryptoLib version 1.3.0, consider restricting access to the TM subsystem until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NASA CryptoLib version 1.3.0 **Description** The issue is related to an Out-of-Bounds read via the AOS subsystem in the crypto aos.c file. **Recommendations** For NASA CryptoLib version 1.3.0, consider restricting access to the AOS subsystem until a patch is available. As a temporary workaround, avoid using the crypto aos.c file in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NATO NCI ANET version 3.4.1 **Description** The issue concerns mishandling of report ownership. A user can create a report and change its author to any arbitrary user without their consent or knowledge. This is achieved by modifying the UUID in a POST request, bypassing the restrictions imposed by the user interface. **Recommendations** For NATO NCI ANET version 3.4.1, as a temporary workaround, consider restricting access to the report creation feature until a patch is available. Additionally, monitor report ownership changes closely to detect any potential unauthorized modifications. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NATO NCI ANET version 3.4.1 **Description** The issue allows for Insecure Direct Object Reference via a modified `ID` field in a request for a private draft report that belongs to an arbitrary user. **Recommendations** For NATO NCI ANET version 3.4.1, consider restricting access to private draft reports to prevent unauthorized access until a fix is available. As a temporary workaround, restrict the ability to modify the `ID` field in requests for private draft reports.

**Name of the Vulnerable Software and Affected Versions** NASA AIT-Core version 2.5.2 **Description** An issue in the YAML Python library allows attackers to execute arbitrary commands via supplying a crafted YAML file. **Recommendations** For NASA AIT-Core version 2.5.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NASA AIT-Core version 2.5.2 **Description** An issue in the Pickle Python library allows attackers to execute arbitrary commands. **Recommendations** For NASA AIT-Core version 2.5.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NASA AIT-Core version 2.5.2 **Description** The issue allows attackers to execute a man-in-the-middle attack due to the use of unencrypted channels for data exchange over the network. This can lead to unauthenticated, fully remote code execution when combined with other vulnerabilities. **Recommendations** For NASA AIT-Core version 2.5.2, consider implementing encrypted communication channels to prevent man-in-the-middle attacks. As a temporary workaround, restrict network access to trusted sources until a patch is available.

**Name of the Vulnerable Software and Affected Versions** NASA AIT-Core version 2.5.2 **Description** The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities are present in the `query packets` and `insert` functions, allowing for potential SQL injection attacks. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For NASA AIT-Core version 2.5.2, consider disabling the `query packets` and `insert` functions as a temporary workaround until a patch is available. Restrict access to these functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NASA AIT-Core version 2.5.2 **Description** An issue in NASA AIT-Core allows attackers to execute arbitrary code via a crafted packet. **Recommendations** For NASA AIT-Core version 2.5.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NASA AIT-Core version 2.5.2 **Description** An issue in the API wait function allows attackers to execute arbitrary code via supplying a crafted string. **Recommendations** For NASA AIT-Core version 2.5.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yamcs version 5.8.6 **Description** An issue in Yamcs allows attackers to send arbitrary telecommands in a Command Stack via Clickjacking. **Recommendations** For Yamcs version 5.8.6, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Space Applications Services Yamcs version 5.8.6 **Description** The issue allows a remote attacker to execute arbitrary code via a crafted telecommand in the timeline view of the ArchiveBrowser. This is a Cross Site Scripting vulnerability. **Recommendations** For Space Applications Services Yamcs version 5.8.6, consider disabling the timeline view of the ArchiveBrowser as a temporary workaround until a patch is available. Restrict access to the ArchiveBrowser to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Space Applications Services Yamcs version 5.8.6 **Description** The issue allows a remote attacker to execute arbitrary code via the `scriptContainer` variable of the ScriptViewer, potentially leading to unauthorized access or control. This is a result of a Cross Site Scripting vulnerability. **Recommendations** For Space Applications Services Yamcs version 5.8.6, consider restricting access to the ScriptViewer or disabling the `scriptContainer` variable until a fix is available. Avoid using the `scriptContainer` variable in the ScriptViewer to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NASA Open MCT versions through 3.1.0 **Description** The issue allows attackers to run arbitrary code via the new component feature in the `flexibleLayout` plugin. This is a Cross Site Scripting (XSS) vulnerability. **Recommendations** For versions through 3.1.0, consider disabling the new component feature in the `flexibleLayout` plugin as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NASA Open MCT versions through 3.1.0 **Description** A Cross Site Request Forgery (CSRF) issue allows attackers to view sensitive information via the `flexibleLayout` plugin. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions through 3.1.0, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the `flexibleLayout` plugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Yamcs version 5.8.6 **Description** The issue allows attackers to delete arbitrary files via crafted HTTP DELETE request to the storage functionality of the API. This is achieved through a Directory Traversal vulnerability. **Recommendations** For Yamcs version 5.8.6, as a temporary workaround, consider restricting access to the storage functionality of the API to minimize the risk of exploitation. Avoid using crafted HTTP DELETE requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yamcs version 5.8.6 **Description** The issue is related to directory traversal in the storage functionality of the API, allowing an attacker to escape the base directory of the buckets, navigate system directories, and read arbitrary files. **Recommendations** For Yamcs version 5.8.6, as a temporary workaround, consider restricting access to the storage functionality of the API until a patch is available. Avoid using the API to navigate system directories or read arbitrary files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Yamcs version 5.8.6 **Description** An issue in Yamcs allows attackers to obtain the session cookie via upload of a crafted HTML file. **Recommendations** For Yamcs version 5.8.6, consider restricting file uploads or validating uploaded files to prevent the exploitation of this issue until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Yamcs version 5.8.6 **Description** The issue allows for Cross-Site Scripting (XSS) due to the ability to upload arbitrary files, including HTML files containing JavaScript, to the primary storage mechanism, known as a Bucket. An attacker can upload such a file and then navigate to it, causing the browser to execute the arbitrary JavaScript when the file is opened. **Recommendations** For Yamcs version 5.8.6, consider restricting the upload of HTML files or files containing JavaScript to the Bucket as a temporary workaround until a patch is available. Additionally, avoid navigating to or opening suspicious files uploaded to the Bucket to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yamcs version 5.8.6 **Description** The issue allows for Cross-Site Scripting (XSS) attacks. It comes with a Bucket as its primary storage mechanism, which allows for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from the menu and navigating to the display. **Recommendations** For Yamcs version 5.8.6, as a temporary workaround, consider disabling the ability to upload displays referencing external files to the bucket until a patch is available. Restrict access to the bucket to minimize the risk of exploitation. Avoid using the bucket's file upload feature in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.