Dylan Pindur

Name of the Vulnerable Software and Affected Versions: Apache Jackrabbit versions prior to 2.23.2 Description: The software contains Blind XXE vulnerabilities in jackrabbit-spi-commons and jackrabbit-core due to the use of an unsecured document build to load privileges. Recommendations: Upgrade to version 2.20.17 (Java 8). Upgrade to version 2.22.1 (Java 11). Upgrade to version 2.23.2 (Java 11, beta versions).

**Name of the Vulnerable Software and Affected Versions** Sitecore Experience Platform (XP) versions 9.0 Initial Release through 13.0 Initial Release Sitecore Experience Manager (XM) versions 9.0 Initial Release through 13.0 Initial Release Sitecore Experience Commerce (XC) versions 9.0 Initial Release through 13.0 Initial Release **Description** An issue in the MVC Device Simulator allows attackers to bypass authorization rules. **Recommendations** For Sitecore Experience Platform (XP) versions 9.0 Initial Release through 13.0 Initial Release, update to a version that includes a fix for this issue. For Sitecore Experience Manager (XM) versions 9.0 Initial Release through 13.0 Initial Release, update to a version that includes a fix for this issue. For Sitecore Experience Commerce (XC) versions 9.0 Initial Release through 13.0 Initial Release, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the MVC Device Simulator until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Sitecore Experience Platform (XP) version 9.3 **Description** The issue is an authenticated remote code execution (RCE) vulnerability. It can be exploited via the component /sitecore/shell/Invoke.aspx. **Recommendations** For Sitecore Experience Platform (XP) version 9.3, consider restricting access to the /sitecore/shell/Invoke.aspx component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sitecore Experience Platform (XP) version 9.3 **Description** The issue is related to an authenticated remote code execution via the /Applications/Content Manager/Execute.aspx component, specifically when the `cmd` parameter is set to `convert` and the `mode` parameter is set to `HTML`. **Recommendations** For Sitecore Experience Platform (XP) version 9.3, consider restricting access to the /Applications/Content Manager/Execute.aspx endpoint to minimize the risk of exploitation. Avoid using the `cmd` parameter with the `convert` value and the `mode` parameter with the `HTML` value in the Execute.aspx endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Atlassian Jira Server and Data Center versions 8.0.0 through 8.13.21 Atlassian Jira Server and Data Center versions 8.14.0 through 8.20.9 Atlassian Jira Server and Data Center versions 8.21.0 through 8.22.3 Jira Management Server and Data Center versions 4.0.0 through 4.13.21 Jira Management Server and Data Center versions 4.14.0 through 4.20.9 Jira Management Server and Data Center versions 4.21.0 through 4.22.3 **Description** The issue is related to insufficient request checking on the server side, allowing a remote, authenticated user to perform a full read server-side request forgery via a batch endpoint. This can be exploited to conduct SSRF attacks. **Recommendations** For Atlassian Jira Server and Data Center versions 8.0.0 through 8.13.21, update to version 8.13.22 or later. For Atlassian Jira Server and Data Center versions 8.14.0 through 8.20.9, update to version 8.20.10 or later. For Atlassian Jira Server and Data Center versions 8.21.0 through 8.22.3, update to version 8.22.4 or later. For Jira Management Server and Data Center versions 4.0.0 through 4.13.21, update to version 4.13.22 or later. For Jira Management Server and Data Center versions 4.14.0 through 4.20.9, update to version 4.20.10 or later. For Jira Management Server and Data Center versions 4.21.0 through 4.22.3, update to version 4.22.4 or later. As a temporary workaround, consider restricting access to the batch endpoint to minimize the risk of exploitation.