Aurelien Bourdois

**Name of the Vulnerable Software and Affected Versions** EasyVirt DCScope versions 8.6.4 and earlier EasyVirt CO2Scope versions 1.3.4 and earlier **Description** The issue allows remote authenticated attackers to execute arbitrary SQL commands. This can be achieved via various parameters to specific API endpoints, such as the `timeago`, `user`, `filter`, `target`, `p1` through `p20` parameters to "/api/management/updateihmsettings", or the `ID`, `NAME`, `CPUTHREADNB`, `RAMCAP`, or `DISKCAP` parameters to "/api/capaplan/savetemplates". **Recommendations** For EasyVirt DCScope versions 8.6.4 and earlier, consider disabling access to the "/api/management/updateihmsettings" and "/api/capaplan/savetemplates" API endpoints until a patch is available. For EasyVirt CO2Scope versions 1.3.4 and earlier, restrict the use of the vulnerable parameters `timeago`, `user`, `filter`, `target`, `p1` through `p20`, `ID`, `NAME`, `CPUTHREADNB`, `RAMCAP`, and `DISKCAP` in the affected API endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EasyVirt DCScope versions 8.6.0 and earlier EasyVirt CO2Scope versions 1.3.0 and earlier **Description** The issue allows remote authenticated attackers to execute arbitrary SQL commands. This can be achieved via various parameters to different API endpoints, including the `user` parameter to "/api/management/findfilterlist", the `user` or `filter` parameter to "/api/audit/findmetawatcher", and others. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For EasyVirt DCScope versions 8.6.0 and earlier, update to a version later than 8.6.0. For EasyVirt CO2Scope versions 1.3.0 and earlier, update to a version later than 1.3.0. As a temporary workaround, consider restricting access to the vulnerable API endpoints, such as "/api/management/findfilterlist", "/api/audit/findmetawatcher", and others, until a patch is available. Avoid using the vulnerable parameters, such as `user`, `filter`, `login`, `is local`, `is ldap`, `is openid`, `role`, `TIMEAGO`, `IDENTIFIER`, `USER`, `NAME`, `COST`, `VM COST`, `VM`, `HOST`, `STORAGE`, and `timeago`, in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** EasyVirt DCScope versions 8.6.0 and earlier EasyVirt CO2Scope versions 1.3.0 and earlier **Description** The issue allows remote unauthenticated attackers to execute arbitrary SQL commands. This can be achieved via the `username` or `password` parameter to the "/api/auth/login" API endpoint. **Recommendations** For EasyVirt DCScope versions 8.6.0 and earlier, update to a version later than 8.6.0 to resolve the issue. For EasyVirt CO2Scope versions 1.3.0 and earlier, update to a version later than 1.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the "/api/auth/login" API endpoint to minimize the risk of exploitation.