Florian Hansemann

**Name of the Vulnerable Software and Affected Versions** Ivanti DSM Remote versions prior to 6.3.1.1862 **Description** The issue allows local users to launch processes with elevated privileges due to an unquoted service path. **Recommendations** For versions prior to 6.3.1.1862, update to a version that contains a fix for this issue to prevent local users from launching processes with elevated privileges.

**Name of the Vulnerable Software and Affected Versions** Fujitsu PlugFree Network versions 7.3.0.3 and earlier **Description** The issue is related to an unquoted service path in the PFNService.exe software, which could allow a local attacker to potentially escalate privileges to the system level. **Recommendations** For Fujitsu PlugFree Network versions 7.3.0.3 and earlier, update to a version later than 7.3.0.3 to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wordline HIDCCEMonitorSVC versions prior to 5.2.4.3 **Description** The issue allows attackers to escalate privileges to the system level due to an unquoted service path in the affected software. **Recommendations** For versions prior to 5.2.4.3, update to version 5.2.4.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Remote Desktop Commander Suite Agent versions prior to 4.8 **Description** The issue allows attackers to escalate privileges to the system level due to an unquoted service path. **Recommendations** For versions prior to 4.8, update to version 4.8 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Sophos Intercept X Advanced versions prior to 2.0.23 Sophos Intercept X Advanced for Server versions prior to 2.0.23 Sophos Exploit Prevention versions prior to 3.8.3 Description: A local administrator could exploit an unquoted service path vulnerability in the HMPA component to prevent the HMPA service from starting despite tamper protection. Recommendations: For Sophos Intercept X Advanced versions prior to 2.0.23, update to version 2.0.23 or later. For Sophos Intercept X Advanced for Server versions prior to 2.0.23, update to version 2.0.23 or later. For Sophos Exploit Prevention versions prior to 3.8.3, update to version 3.8.3 or later.

**Name of the Vulnerable Software and Affected Versions** Panda Agent versions 1.16.11 and earlier Panda Adaptive Defense 360 versions 8.0.17 and earlier **Description** The issue allows an attacker to escalate privileges via a maliciously crafted DLL file. This is achieved through DLL hijacking in the affected software. **Recommendations** For Panda Agent versions 1.16.11 and earlier, update to a version later than 1.16.11 to resolve the issue. For Panda Adaptive Defense 360 versions 8.0.17 and earlier, update to a version later than 8.0.17 to resolve the issue. As a temporary workaround, consider restricting the use of potentially vulnerable DLL files until a patch is available.