Chudypb

**Name of the Vulnerable Software and Affected Versions** IBM Engineering Lifecycle Management versions 7.0.3 Interim Fix 001 through Interim Fix 021 IBM Engineering Lifecycle Management versions 7.1.0 Interim Fix 001 through Interim Fix 009 IBM Engineering Lifecycle Management versions 7.2.0 through 7.2.0 Interim Fix 001 **Description** An XML external entity (XXE) injection occurs when processing XML data, which is a technique where an application processes external entities within an XML document. An authenticated attacker can exploit this to expose sensitive information or consume memory resources. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Engineering Lifecycle Management versions 7.0.3 through Interim Fix 021 IBM Engineering Lifecycle Management versions 7.1.0 through Interim Fix 009 IBM Engineering Lifecycle Management versions 7.2.0 through Interim Fix 001 **Description** An unauthenticated remote attacker can update server property files, which may lead to unauthorized access to the application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hyland Alfresco Transformation Service (affected versions not specified) **Description** An unauthenticated attacker can perform server-side request forgery (SSRF) via the document processing functionality. SSRF occurs when an application makes requests to an internal or external resource on behalf of a user, and an attacker can manipulate the request to access unintended resources. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hyland Alfresco Transformation Service (affected versions not specified) **Description** The Hyland Alfresco Transformation Service contains a flaw that enables unauthenticated attackers to execute code remotely. This issue stems from an argument injection weakness within the document processing functionality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hyland Alfresco (affected versions not specified) **Description** An unauthenticated attacker can read arbitrary files from protected directories, such as WEB-INF, by accessing the `/share/page/resource/` API endpoint. This can lead to the disclosure of sensitive configuration files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hyland Alfresco Transformation Service (affected versions not specified) **Description** The Hyland Alfresco Transformation Service is susceptible to exploitation allowing unauthenticated attackers to perform arbitrary file read and server-side request forgery (SSRF) through absolute path traversal. The vulnerability allows attackers to access files and potentially manipulate server-side requests. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office SharePoint (affected versions not specified) **Description** Improper input validation in Microsoft Office SharePoint can allow an unauthorized attacker to execute code locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Commvault versions prior to 11.36.60 Description: A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. Role-Based Access Control (RBAC) can limit exposure, but does not eliminate the risk. Recommendations: Update to version 11.36.60 or later.

Name of the Vulnerable Software and Affected Versions: ServiceStack (affected versions not specified) Description: This issue allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. The specific flaw exists within the implementation of the `GetErrorResponse` method, resulting from the lack of proper validation of user-supplied data, which can lead to a type confusion condition. An attacker can leverage this to relay NTLM credentials in the context of the current user. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ServiceStack (affected versions not specified) Description: This issue allows remote attackers to execute arbitrary code on affected installations of ServiceStack. The specific flaw exists within the implementation of the `FindType` method, which lacks proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this to execute code in the context of the current process. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Endpoint Encryption PolicyServer (affected versions not specified) **Description** The issue is related to an insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer, which could lead to a post-authentication remote code execution on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system to exploit this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Endpoint Encryption (affected versions not specified) **Description** The issue is related to an authentication bypass, allowing an attacker to access key methods as an admin user and modify product configurations on affected installations. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Endpoint Encryption (affected versions not specified) **Description** A post-auth SQL injection issue could allow an attacker to escalate privileges on affected installations. The attacker must first obtain the ability to execute low-privileged code on the target system to exploit this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Endpoint Encryption (affected versions not specified) **Description** The issue is related to an insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer, which could lead to a pre-authentication remote code execution on affected installations. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Endpoint Encryption (affected versions not specified) **Description** A post-auth SQL injection issue could allow an attacker to escalate privileges on affected installations. This requires the attacker to first obtain the ability to execute low-privileged code on the target system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Progress Telerik UI for AJAX versions 2011.2.712 through 2025.1.218 **Description** An unsafe reflection issue exists in Progress Telerik UI for AJAX. This flaw can lead to an unhandled exception, potentially causing a crash of the hosting process and resulting in a denial of service. Reports indicate that this issue affects millions of enterprise applications worldwide. Exploitation can be achieved with a single HTTP request, and in some cases, may lead to remote code execution when combined with other vulnerabilities. The vulnerability is related to unsafe reflection, a programming technique where an application uses runtime information to examine or modify its own structure and behavior. **Recommendations** Update to a version beyond 2025.1.218. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex Central versions prior to 8.0.7007 **Description** The issue is related to an insecure deserialization operation, which could lead to a pre-authentication remote code execution on affected installations. This vulnerability is similar to another issue but affects a different method. **Recommendations** For versions prior to 8.0.7007, update to version 8.0.7007 or later to resolve the issue. As a temporary workaround, consider restricting access to the `ConvertFromJson` deserialization method until a patch is available.

Name of the Vulnerable Software and Affected Versions: Mescius ActiveReports.NET (affected versions not specified) Description: The issue concerns a deserialization of untrusted data remote code execution vulnerability in the TypeResolutionService. This allows for remote code execution. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Endpoint Encryption versions prior to 6.0.0.4013 **Description** An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. The issue is related to the deserialization of untrusted data, which can be exploited to execute code remotely without authentication. This vulnerability is actively being exploited. **Recommendations** To resolve the issue, update Trend Micro Endpoint Encryption to version 6.0.0.4013 or later. As a temporary workaround, consider restricting access to the PolicyServer to minimize the risk of exploitation. Avoid using the `DeserializeFromBase64String` method in the affected PolicyServer until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Endpoint Encryption (TMEE) (affected versions not specified) **Description** The issue is related to insufficient input validation in the PolicyServerWindowsService class of the Trend Micro Endpoint Encryption (TMEE) PolicyServer data encryption tool. This can be exploited by a remote attacker to execute arbitrary code. The vulnerability involves deserialization of untrusted data, which can lead to remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.