Brandon Perry

Name of the Vulnerable Software and Affected Versions: Oracle Outside In Technology versions 8.5.6 through 8.5.7 Description: The issue is related to insufficient input validation in the Outside In Core component of Oracle Outside In Technology, allowing a low-privileged attacker with logon to the infrastructure to compromise the system. Successful attacks can result in unauthorized access to data, including update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Additionally, it can cause a partial denial of service. Recommendations: For versions 8.5.6 and 8.5.7, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Logic Pro versions prior to 10.7.3 GarageBand versions prior to 10.4.6 macOS Monterey versions prior to 12.3 **Description** The issue is related to an out-of-bounds read that has been addressed with improved bounds checking. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. **Recommendations** For Logic Pro versions prior to 10.7.3, update to version 10.7.3 or later. For GarageBand versions prior to 10.4.6, update to version 10.4.6 or later. For macOS Monterey versions prior to 12.3, update to version 12.3 or later.

**Name of the Vulnerable Software and Affected Versions** Logic Pro versions prior to 10.7.3 GarageBand versions prior to 10.4.6 macOS Monterey versions prior to 12.3 **Description** A memory initialization issue was addressed with improved memory handling. This issue may lead to unexpected application termination or arbitrary code execution when opening a maliciously crafted file. **Recommendations** For Logic Pro versions prior to 10.7.3, update to version 10.7.3 to resolve the issue. For GarageBand versions prior to 10.4.6, update to version 10.4.6 to resolve the issue. For macOS Monterey versions prior to 12.3, update to version 12.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SysAid ITIL version 20.4.74 b10 **Description** An issue was discovered where the `/enduserreg` endpoint does not respect the server-side setting for anonymous user registration. This allows an attacker to create new accounts without prior authentication by posting registration data, even if the server-side setting is configured to disable anonymous user registration. The client-side registration form is hidden when this setting is disabled, but this does not prevent attackers from registering new accounts. **Recommendations** For SysAid ITIL version 20.4.74 b10, as a temporary workaround, consider restricting access to the `/enduserreg` endpoint to minimize the risk of exploitation. Additionally, review server-side settings to ensure that anonymous user registration is properly configured and enforced. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SysAid ITIL version 20.4.74 b10 **Description** A SQL injection issue allows a remote authenticated attacker to execute arbitrary SQL commands via the `filterText` parameter in the "/mobile/SelectUsers.jsp" API endpoint. **Recommendations** For SysAid ITIL version 20.4.74 b10, consider restricting access to the "/mobile/SelectUsers.jsp" endpoint until a patch is available, and avoid using the `filterText` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SysAid ITIL version 20.4.74 b10 **Description** The issue allows a remote authenticated attacker to upload an arbitrary file via the `file` parameter in the HTTP POST body to the "/UploadPsIcon.jsp" API endpoint. A successful request returns the absolute, server-side filesystem path of the uploaded file. **Recommendations** For SysAid ITIL version 20.4.74 b10, consider restricting access to the "/UploadPsIcon.jsp" endpoint until a patch is available. As a temporary workaround, avoid using the `file` parameter in the affected API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SysAid ITIL version 20.4.74 b10 **Description** The issue allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root with an arbitrary filename. This is achieved via the `tempFile` and `fileName` parameters in the HTTP POST body to the "/UserSelfServiceSettings.jsp" API endpoint. **Recommendations** For SysAid ITIL version 20.4.74 b10, as a temporary workaround, consider restricting access to the "/UserSelfServiceSettings.jsp" endpoint until a patch is available. Avoid using the `tempFile` and `fileName` parameters in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BMC Track-It! (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this issue. The specific flaw exists within the processing of email attachments, resulting from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this issue to execute code in the context of the service account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Commvault CommCell version 11.22.22 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be bypassed. The specific flaw exists within the DataProvider class and results from the lack of proper validation of a user-supplied string before executing it as JavaScript code. An attacker can leverage this issue to escape the JavaScript sandbox and execute Java code in the context of NETWORK SERVICE. **Recommendations** For Commvault CommCell version 11.22.22, as a temporary workaround, consider disabling the `DataProvider` class until a patch is available. Restrict access to the `DataProvider` class to minimize the risk of exploitation. Avoid using user-supplied strings in the affected JavaScript code until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Commvault CommCell versions 11.22.22 **Description** The issue is related to incorrect code generation management in the Demo ExecuteProcessOnGroup process of the CommCell storage management software. Exploitation of this issue can allow a remote attacker to execute arbitrary code by sending a specially crafted request. Although authentication is required to exploit this issue, the existing authentication mechanism can be bypassed. The flaw exists within the Demo ExecuteProcessOnGroup workflow, allowing an attacker to specify an arbitrary command to be executed, potentially executing code in the context of SYSTEM. **Recommendations** For Commvault CommCell version 11.22.22, consider disabling the Demo ExecuteProcessOnGroup workflow as a temporary workaround until a patch is available. Restrict access to the workflow to minimize the risk of exploitation. Avoid using the workflow to execute arbitrary commands until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Commvault CommCell version 11.22.22 **Description** The issue is related to the CVSearchService service and is caused by inadequate validation prior to authentication, allowing remote attackers to bypass authentication on affected installations. This can enable an attacker to gain unauthorized access to the system without requiring authentication. The specific flaw exists within the CVSearchService service. **Recommendations** For Commvault CommCell version 11.22.22, consider disabling the CVSearchService service until a patch is available to prevent exploitation. Restrict access to the CVSearchService to minimize the risk of unauthorized access. Apply proper validation prior to authentication to prevent bypassing authentication. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Commvault CommCell version 11.22.22 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be bypassed. The specific flaw exists within the `DownloadCenterUploadHandler` class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this issue to execute code in the context of NETWORK SERVICE. **Recommendations** For Commvault CommCell version 11.22.22, consider disabling the `DownloadCenterUploadHandler` class until a patch is available to prevent the upload of arbitrary files and mitigate the risk of remote code execution. Restrict access to the `DownloadCenterUploadHandler` class to minimize the risk of exploitation. Avoid using the vulnerable class until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: vTiger CRM versions 5.3 through 5.4 Description: The issue allows for arbitrary PHP code execution in the 'files' upload folder. Recommendations: For versions 5.3 through 5.4, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ISPConfig version 3.0.5.2 Description: The issue allows for arbitrary PHP code execution. Recommendations: For ISPConfig version 3.0.5.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenEXR version 2.2.0 **Description** The issue is related to insufficient input validation in the `bufferedReadPixels` function, which could lead to an invalid write of size 1, causing the application to crash or potentially execute arbitrary code. This could allow a remote attacker to cause a denial of service. **Recommendations** For OpenEXR version 2.2.0, consider applying input validation to the `bufferedReadPixels` function to prevent invalid writes. As a temporary workaround, restrict the use of the `bufferedReadPixels` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenEXR version 2.2.0 **Description** The issue is related to an invalid read in the `hufDecode` function, which could cause the application to crash. It is associated with a buffer data boundary read issue in the OpenEXR library. Exploitation of this issue may allow a remote attacker to cause a denial of service. **Recommendations** For OpenEXR version 2.2.0, consider disabling the `hufDecode` function as a temporary workaround until a patch is available. Restrict access to the `ImfHuf.cpp` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenEXR version 2.2.0 **Description** The issue is related to an invalid read in the `getBits` function, which could cause the application to crash. It is associated with a buffer data boundary read issue in the OpenEXR library. Exploitation of this issue may allow a remote attacker to cause a denial of service. **Recommendations** For OpenEXR version 2.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenEXR version 2.2.0 **Description** The issue is related to an invalid read of size 1 in the `uncompress` function in `ImfZip.cpp`, which could cause the application to crash. It is also associated with errors in number processing. Exploitation of this issue may allow a remote attacker to cause a denial of service. **Recommendations** For OpenEXR version 2.2.0, consider disabling the `uncompress` function in `ImfZip.cpp` as a temporary workaround until a patch is available. Restrict access to the `ImfZip.cpp` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenEXR version 2.2.0 **Description** The issue is related to an invalid write of size 2 in the = operator function in half.h, which could cause the application to crash or execute arbitrary code. It is also described as a buffer overflow vulnerability in the half.h component, allowing a remote attacker to access confidential information or cause a denial of service. **Recommendations** For OpenEXR version 2.2.0, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ClamAV versions prior to 0.99.2 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash, by sending a crafted 7z file. **Recommendations** For versions prior to 0.99.2, update to version 0.99.2 or later to resolve the issue.