Dr

**Name of the Vulnerable Software and Affected Versions** agorum core open versions 11.9.2 and 11.10.1 **Description** The software contains an XML External Entity (XXE) issue via the `RSSReader` endpoint. Attackers can potentially access sensitive data by providing a crafted XML input. **Recommendations** For agorum core open version 11.9.2, implement input validation and sanitization for XML data processed by the `RSSReader` endpoint. For agorum core open version 11.10.1, implement input validation and sanitization for XML data processed by the `RSSReader` endpoint.

**Name of the Vulnerable Software and Affected Versions** Agorum core open versions 11.9.2 and 11.10.1 **Description** An incorrect access control issue exists in the dynawebservice component, allowing unauthenticated attackers to access arbitrary files on the system. **Recommendations** Agorum core open version 11.9.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Agorum core open version 11.10.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Agorum core open versions 11.9.2 and 11.10.1 **Description** The software stores credentials in plaintext. **Recommendations** Apply necessary measures to prevent the storage of credentials in plaintext for Agorum core open version 11.9.2. Apply necessary measures to prevent the storage of credentials in plaintext for Agorum core open version 11.10.1.

**Name of the Vulnerable Software and Affected Versions** Agorum core open versions 11.9.2 and 11.10.1 **Description** An incorrect access control issue exists in Agorum core open. Authenticated attackers can escalate privileges to Administrator and access sensitive components and information. **Recommendations** Apply necessary access control restrictions for Agorum core open version 11.9.2. Apply necessary access control restrictions for Agorum core open version 11.10.1.

**Name of the Vulnerable Software and Affected Versions** agorum Software GmbH Agorum core open versions 11.9.2 and 11.10.1 **Description** A Server-Side Request Forgery (SSRF) exists in the `TunnelServlet` component. This allows attackers to initiate connections to arbitrary internal and external resources using a crafted request, potentially leading to sensitive data exposure. **Recommendations** Update to a newer version that resolves this issue. As a temporary workaround, consider restricting network access for the `TunnelServlet` component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** agorum Software GmbH Agorum core open versions 11.9.2 and 11.10.1 **Description** The software contains a reflected cross-site scripting (XSS) issue. **Recommendations** Update to a newer version that addresses this issue.