Apache · Rocketmq · CVE-2024-23321
**Name of the Vulnerable Software and Affected Versions**
RocketMQ versions 5.2.0 and below
**Description**
The vulnerability is insufficient protection of sensitive data in the RocketMQ messaging platform: under certain conditions, sensitive information is exposed to an unauthorized actor even when authentication and authorization are enabled. An attacker who holds regular user privileges, or whose address is on the IP whitelist, can obtain the administrator's account and password through specific interfaces. With those credentials and access to the broker IP address list, the attacker gains full control over RocketMQ.
**Recommendations**
Upgrade RocketMQ 5.2.0 and earlier to version 5.3.0 or newer to mitigate the threat. After upgrading to Apache RocketMQ 5.3.0 or later, enable RocketMQ ACL 2.0 rather than continuing to use the original ACL (ACL 1.0).
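The following broker.conf fragments illustrate the recommendation above: the legacy ACL 1.0 switch that the advisory says to move away from, beside an ACL 2.0 configuration for RocketMQ 5.3.0 or newer. This is an added example and not text from the advisory or configuration shipped by the RocketMQ project; the property names follow the RocketMQ 5.3 ACL 2.0 configuration as the editor understands it, while the provider class names and the credential values are assumptions and placeholders that must be checked against the release you deploy.

```properties
# broker.conf fragments added for illustration; not taken from the advisory
# or from the RocketMQ project's own distribution.

# --- Weak: original ACL (ACL 1.0), the mechanism the advisory says to replace ---
# On affected releases (5.2.0 and below) the legacy plain_acl.yml based access
# control does not prevent a regular user or an IP-whitelisted client from
# obtaining the administrator credentials.
#
#   aclEnable=true
#
# Do not carry that switch into the 5.3.0+ configuration; leave it off so the
# plain_acl.yml path is not what enforces access.
aclEnable=false

# --- Hardened: ACL 2.0 on RocketMQ 5.3.0 or newer ---
# Authentication (provider class names are assumptions; verify in the release).
authenticationEnabled=true
authenticationProvider=org.apache.rocketmq.auth.authentication.provider.DefaultAuthenticationProvider
authenticationMetadataProvider=org.apache.rocketmq.auth.authentication.provider.LocalAuthenticationMetadataProvider
# Bootstrap administrator account; CHANGE_ME is a placeholder, set a strong
# password before the broker is started for the first time.
initAuthenticationUser={"username":"rocketmq","password":"CHANGE_ME"}
# Credentials the broker itself presents for its internal calls; placeholder value.
innerClientAuthenticationCredentials={"accessKey":"rocketmq","secretKey":"CHANGE_ME"}

# Authorization (provider class names are assumptions; verify in the release).
authorizationEnabled=true
authorizationProvider=org.apache.rocketmq.auth.authorization.provider.DefaultAuthorizationProvider
authorizationMetadataProvider=org.apache.rocketmq.auth.authorization.provider.LocalAuthorizationMetadataProvider
```

Because the flaw lets a regular user on an affected version obtain the administrator's password, treat that password as compromised: rotate it as part of the upgrade rather than reusing it as the ACL 2.0 bootstrap credential, and give producers and consumers their own non-administrative users instead of sharing the bootstrap account.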