Bruno López

**Name of the Vulnerable Software and Affected Versions** AP Page Builder versions prior to 4.0.0 **Description** The issue is an Absolute Path Traversal vulnerability that could allow an unauthenticated remote user to modify the `product item path` within the `config` JSON file, allowing them to read any file on the system. **Recommendations** For AP Page Builder versions prior to 4.0.0, update to version 4.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `config` JSON file to prevent modification of the `product item path`.

**Name of the Vulnerable Software and Affected Versions** VMware Workspace ONE Access, Identity Manager and vRealize Automation (affected versions not specified) **Description** The issue is related to an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. This vulnerability allows an attacker to enter the system as any known local user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.