Filip Palian

**Name of the Vulnerable Software and Affected Versions** Cisco Identity Services Engine (ISE) Software (affected versions not specified) **Description** A vulnerability in the External RESTful Services (ERS) API could allow an authenticated, remote attacker to obtain sensitive information due to excessive verbosity in a specific REST API output. An attacker could exploit this by sending a crafted HTTP request to the affected device, potentially obtaining sensitive information, including administrative credentials for an external authentication server. The attacker must have valid ERS administrative credentials to successfully exploit this vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BMC Remedy Mid-Tier versions 7.1.00 through 9.1.02.003 **Description** The issue concerns incorrect access control in ITAM forms. Specifically, it affects the following API endpoints: "TLS%3APLR-Configuration+Details/Default+Admin+View/", "AST%3AARServerConnection/Default+Admin+View/", and "AR+System+Administration%3A+Server+Information/Default+Admin+View/". Leaks of `username` and `password` can lead to exploitation. **Recommendations** For versions 7.1.00 through 9.1.02.003, consider restricting access to the vulnerable ITAM forms and API endpoints until a patch is available. As a temporary workaround, limit the use of default admin views to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Couchbase Server versions 4.0.0 through 5.5.1 **Description** The issue allows authenticated users with the 'Full Admin' role to execute arbitrary Erlang code on the underlying operating system with the privileges of the user running Couchbase. This is possible due to the exposure of the "/diag/eval" endpoint, which is available by default on TCP/8091 and/or TCP/18091. **Recommendations** For versions 4.0.0 through 5.5.1, update to version 5.5.2 or 6.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the "/diag/eval" endpoint until a patch is applied.