Binary1985

**Name of the Vulnerable Software and Affected Versions** CloudBees Jenkins Operations Center version 2.150.2.3 **Description** The issue allows cleartext password storage and retrieval via the proxy configuration page when an expired trial license exists. **Recommendations** For CloudBees Jenkins Operations Center version 2.150.2.3, consider removing or updating the expired trial license to prevent cleartext password storage and retrieval. As a temporary workaround, restrict access to the proxy configuration page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Infocus Mondopad version 2.2.08 **Description** The issue allows an attacker to disclose hashed credentials by providing a crafted Microsoft Office document, such as an Excel spreadsheet, containing a link with a UNC pathname associated with an attacker-controlled server. This enables the attacker-controlled server to receive the victim's NetNTLMv2 hash. **Recommendations** For Infocus Mondopad version 2.2.08, consider disabling the handling of UNC pathnames in Microsoft Office documents as a temporary workaround until a patch is available. Restrict access to sensitive areas of the system to minimize the risk of exploitation. Avoid opening suspicious Microsoft Office documents from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jaspersoft JasperReports version 4.7 **Description** The issue allows a remote authenticated user to disclose saved credentials by accessing the "flow.html" page and reading the HTML source code when editing a Data Source connector. **Recommendations** For Jaspersoft JasperReports version 4.7, consider restricting access to the "flow.html" page and the Data Source connector's Edit action to minimize the risk of credential disclosure until a patch is available.