Anthony Cole

**Name of the Vulnerable Software and Affected Versions** TylerTech Eagle version 2018.3.11 **Description** The issue allows remote code execution via a crafted Java object to the "recorder/ServiceManager?service=tyler.empire.settings.SettingManager" URI, resulting from the deserialization of untrusted user input. **Recommendations** For TylerTech Eagle version 2018.3.11, as a temporary workaround, consider restricting access to the "recorder/ServiceManager?service=tyler.empire.settings.SettingManager" URI until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Deltek Ajera Timesheets versions 9.10.16 and prior Description: The issue allows for remote code execution via deserialization of untrusted user input from an authenticated user. The executed code will run as the IIS Application Pool that is running the application. Recommendations: For Deltek Ajera Timesheets versions 9.10.16 and prior, update to a version later than 9.10.16 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mura CMS versions prior to 6.2 **Description** The issue allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature in the tasks/feed/readRSS.cfm file. **Recommendations** For versions prior to 6.2, update to version 6.2 or later to resolve the issue.