David Azria

**Name of the Vulnerable Software and Affected Versions** VMware Workstation versions 16.x prior to 16.2.4 **Description** The issue is related to insufficient protection of registration data, which can be exploited by a malicious actor with local user privileges to disclose user passwords of a remote server connected through VMware Workstation. **Recommendations** For versions 16.x prior to 16.2.4, update to version 16.2.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IBM API Connect's Developer Portal versions 5.0.0.0 through 5.0.8.3 **Description** The issue allows an attacker to trick the server into making potentially malicious calls within the trusted network by using specially crafted input parameters. This can be exploited through Server Side Request Forgery. **Recommendations** For versions 5.0.0.0 through 5.0.8.3, update to a version that contains a fix for this issue to prevent Server Side Request Forgery attacks.