Antoine Carrincazeaux

**Name of the Vulnerable Software and Affected Versions** Netwrix Usercube versions prior to 6.0.215 **Description** The issue allows authentication bypass on deployment endpoints, leading to privilege escalation in certain misconfigured on-premises installations. This occurs when the configuration omits the required `restSettings.AuthorizedClientId` and `restSettings.AuthorizedSecret` fields for the "POST /api/Deployment/ExportConfiguration" and "POST /api/Deployment" endpoints. **Recommendations** For versions prior to 6.0.215, update to version 6.0.215 or later to resolve the issue. As a temporary workaround, consider configuring the required `restSettings.AuthorizedClientId` and `restSettings.AuthorizedSecret` fields to prevent authentication bypass. Restrict access to the "POST /api/Deployment/ExportConfiguration" and "POST /api/Deployment" endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x **Description** A command execution vulnerability exists, allowing a low privileged remote attacker to potentially execute arbitrary commands on the underlying system. **Recommendations** For version 9.2.3.x, update to a version that contains a fix for this issue, as the current version allows for command execution by a low privileged remote attacker. At the moment, there is no information about a newer version that contains a fix for this vulnerability.