Cpnrodzc7

**Name of the Vulnerable Software and Affected Versions** Elasticsearch (affected versions not specified) **Description** A flaw exists in Elasticsearch. The specific details of the issue are not provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache TomEE versions prior to 1.7.4 Apache TomEE versions 7.x prior to 7.0.0-M3 **Description** The issue is related to insufficient access control in the EjbObjectInputStream class of the Apache TomEE application server. It can be exploited by a remote attacker using a specially crafted serialized object to execute arbitrary code. **Recommendations** For Apache TomEE versions prior to 1.7.4, update to version 1.7.4 or later. For Apache TomEE versions 7.x prior to 7.0.0-M3, update to version 7.0.0-M3 or later.

**Name of the Vulnerable Software and Affected Versions** Novell ZENworks Configuration Management versions 11.3 through 11.4 **Description** The issue is related to the ChangePassword RPC method, which allows remote attackers to conduct XPath injection attacks and read arbitrary text files via a malformed query. This is due to incorrect code generation management. The exploitation of this issue can enable a remote attacker to perform XPath injection attacks and gain read access to text files using a distorted query. **Recommendations** For versions 11.3 and 11.4, consider disabling the ChangePassword RPC method until a patch is available to prevent exploitation. Restrict access to sensitive text files to minimize the risk of unauthorized access. As a temporary workaround, avoid using the ChangePassword RPC method until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell SonicWALL GMS versions 7.2 through 8.1 before Hotfix 168056 Dell SonicWALL Analyzer versions 7.2 through 8.1 before Hotfix 168056 Dell SonicWALL UMA EM5000 versions 7.2 through 8.1 before Hotfix 168056 **Description** The issue is related to the cliserver implementation, which lacks input data sanitization measures. This allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data. The vulnerability can be exploited by sending specially formed XML data, enabling the execution of arbitrary Java code. **Recommendations** For Dell SonicWALL GMS versions 7.2 through 8.1 before Hotfix 168056, apply Hotfix 168056 to resolve the issue. For Dell SonicWALL Analyzer versions 7.2 through 8.1 before Hotfix 168056, apply Hotfix 168056 to resolve the issue. For Dell SonicWALL UMA EM5000 versions 7.2 through 8.1 before Hotfix 168056, apply Hotfix 168056 to resolve the issue. As a temporary workaround, consider restricting access to the cliserver implementation until the hotfix is applied.