Dipesh Thakur

**Name of the Vulnerable Software and Affected Versions** CFEngine Enterprise and Community versions prior to 3.21.8 CFEngine Enterprise and Community versions prior to 3.24.3 CFEngine Enterprise and Community versions prior to 3.27.0 **Description** CFEngine Enterprise and Community are affected by command injection and cross-site scripting (XSS), a flaw where an attacker can inject malicious scripts into web pages viewed by other users. **Recommendations** Update to version 3.21.8 or later. Update to version 3.24.3 or later. Update to version 3.27.0 or later.