D4Lyw

**Name of the Vulnerable Software and Affected Versions** BECN DATAGERRY version 2.2 **Description** The issue allows attackers to execute arbitrary commands via crafted web requests due to incorrect access control. **Recommendations** For BECN DATAGERRY version 2.2, consider restricting access to the web interface to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CentralSquare CryWolf (False Alarm Management) versions prior to 2024-08-09 **Description** A traversal vulnerability in GeneralDocs.aspx allows unauthenticated attackers to read files outside of the working web directory via the `rpt` parameter, leading to the disclosure of sensitive information. This issue enables attackers to access sensitive data without proper authentication. **Recommendations** As a temporary workaround, consider restricting access to the GeneralDocs.aspx page until a patch is available. Limit local network access to minimize the risk of exploitation. Patch immediately and monitor for exploit attempts.