Eric Schayes

**Name of the Vulnerable Software and Affected Versions** Cisco Prime Service Catalog (affected versions not specified) **Description** The issue is related to a lack of protection against cross-site request forgery (CSRF) attacks in the web-based management interface. An attacker could exploit this by persuading a user to follow a malicious link, potentially allowing the attacker to perform arbitrary actions on the affected system with the privilege level of the affected user. **Recommendations** For all affected versions, consider restricting access to the web-based management interface until a fix is available. As a temporary workaround, avoid using links from untrusted sources to minimize the risk of exploitation. Restrict user privileges to minimize the impact of a potential attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows 8.1 and RT 8.1 Windows Server 2012 R2 **Description** The issue is related to how specially crafted requests are handled by the Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client, leading to a denial of service vulnerability. This vulnerability is caused by insufficient input validation in the mrxsmb.sys module, which implements the SMBv2/SMBv3 protocol in Windows operating systems. An attacker could exploit this vulnerability by sending a specially crafted packet, allowing them to cause a denial of service in the SMB client. **Recommendations** For Windows 8.1 and RT 8.1, apply the necessary patches or updates to fix the issue. For Windows Server 2012 R2, apply the necessary patches or updates to fix the issue. As a temporary workaround, consider restricting access to the SMB client to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BuddyPress Docs plugin versions prior to 1.9.3 **Description** The issue allows authenticated users to edit documents of other users without proper permissions. This is due to a problem in the includes/component.php file of the BuddyPress Docs plugin for WordPress. **Recommendations** For versions prior to 1.9.3, update to version 1.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the document editing feature to prevent unauthorized modifications until the update is applied.