Devme4F

Name of the Vulnerable Software and Affected Versions: Asset Explorer versions prior to 7710 ServiceDesk Plus versions prior to 15110 ServiceDesk Plus MSP versions prior to 14940 SupportCenter Plus versions prior to 14940 Description: An improper privilege management issue exists in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products. Recommendations: Update Asset Explorer to version 7710 or later. Update ServiceDesk Plus to version 15110 or later. Update ServiceDesk Plus MSP to version 14940 or later. Update SupportCenter Plus to version 14940 or later.

**Name of the Vulnerable Software and Affected Versions** Spring Cloud Function versions 4.0.x prior to 4.0.8 Spring Cloud Function versions 4.1.x prior to 4.1.2 **Description** The issue is related to insufficient input validation in the Spring Cloud Function web module. This can be exploited by a remote attacker to perform a denial-of-service attack. **Recommendations** For Spring Cloud Function versions 4.0.x prior to 4.0.8, update to version 4.0.8 or later. For Spring Cloud Function versions 4.1.x prior to 4.1.2, update to version 4.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Apache Tomcat versions 11.0.0-M1 through 11.0.0-M20 Apache Tomcat versions 10.1.0-M1 through 10.1.24 Apache Tomcat versions 9.0.0-M1 through 9.0.89 **Description** The issue is related to the improper handling of exceptional conditions and uncontrolled resource consumption in Apache Tomcat when processing an HTTP/2 stream. This led to a miscounting of active HTTP/2 streams, which in turn led to the use of an incorrect infinite timeout, allowing connections to remain open that should have been closed. It is estimated that over 50,300 services are potentially affected. **Recommendations** To resolve the issue, users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. For versions 11.0.0-M1 through 11.0.0-M20, upgrade to version 11.0.0-M21. For versions 10.1.0-M1 through 10.1.24, upgrade to version 10.1.25. For versions 9.0.0-M1 through 9.0.89, upgrade to version 9.0.90.