Brian Sullivan

**Name of the Vulnerable Software and Affected Versions** Webswing versions prior to 20.1.16 Webswing versions prior to 20.2.19 Webswing versions prior to 21.1.8 Webswing versions prior to 21.2.12 Webswing versions prior to 22.1.3 **Description** The issue allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page, specifically the `{clientIp}` variable, which can be used as an application startup argument. This variable can be manipulated by a client to store an arbitrary value, allowing the injection of multiple arguments into the session startup without sanitization. Systems not using the `clientIP` variable in the configuration are not affected. **Recommendations** For Webswing versions prior to 20.1.16, update to version 20.1.16 or later. For Webswing versions prior to 20.2.19, update to version 20.2.19 or later. For Webswing versions prior to 21.1.8, update to version 21.1.8 or later. For Webswing versions prior to 21.2.12, update to version 21.2.12 or later. For Webswing versions prior to 22.1.3, update to version 22.1.3 or later. As a temporary workaround, consider restricting the use of the `{clientIp}` variable in the configuration page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** VMware NSX SD-WAN Edge by VeloCloud versions prior to 3.1.0 **Description** The local web UI component of the software contains a command injection issue. This component is disabled by default and should not be enabled on untrusted networks. The vendor plans to remove this service from the product in future releases. Successful exploitation could result in remote code execution. **Recommendations** For versions prior to 3.1.0, update to version 3.1.0 or later to resolve the issue. As a temporary workaround, consider keeping the local web UI component disabled, especially on untrusted networks, until a patch is applied.