Cristiano Maruti

**Name of the Vulnerable Software and Affected Versions** Enalean Tuleap software engineering platform versions prior to 9.18 **Description** A SQL injection issue in the tracker functionality allows attackers to execute arbitrary SQL commands. **Recommendations** For versions prior to 9.18, update to version 9.18 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Barracuda Load Balancer version 5.0.0.015 **Description** The issue concerns hard-coded weak credentials. **Recommendations** For version 5.0.0.015, update the credentials to strong, unique ones to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Barracuda Load Balancer version 5.0.0.015 **Description** A privilege escalation issue exists due to an improperly protected SSH key. **Recommendations** For Barracuda Load Balancer version 5.0.0.015, update the SSH key protection mechanism to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Aruba Networks ClearPass Policy Manager versions prior to 6.4.5 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `username` parameter to the "tips/tipsLoginSubmit.action" API endpoint. **Recommendations** For versions prior to 6.4.5, update to version 6.4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the "tips/tipsLoginSubmit.action" API endpoint to minimize the risk of exploitation. Avoid using the `username` parameter in the affected API endpoint until the issue is resolved.