Florian Hauser

**Name of the Vulnerable Software and Affected Versions** Veeam Backup & Replication versions prior to 12.2.0.334 **Description** Veeam Backup & Replication is affected by a critical deserialization of untrusted data vulnerability that allows for unauthenticated remote code execution (RCE). This flaw, tracked as CVE-2024-40711, has a CVSS score of 9.8 and is actively being exploited by ransomware groups, including Akira and Fog. Attackers are leveraging this vulnerability to gain full control of systems and deploy ransomware. A proof-of-concept exploit is publicly available, increasing the risk of widespread exploitation. The vulnerability is related to .NET Remoting and allows attackers to execute arbitrary code without authentication. The vulnerability has been observed in attacks where attackers establish a local administrator account to deploy ransomware. The vulnerability is actively exploited and has been added to CISA’s Known Exploited Vulnerabilities Catalog. **Recommendations** Update Veeam Backup & Replication to version 12.2.0.334 or later.

**Name of the Vulnerable Software and Affected Versions** Apache Archiva (affected versions not specified) **Description** The issue is related to an Incorrect Authorization vulnerability in Apache Archiva, where a setting to disable user registration can be bypassed. Since Apache Archiva has been retired, no fix is expected to be released for this issue. It is recommended to consider migrating to a different solution or isolating the instance from untrusted users. **Recommendations** As a temporary workaround, consider isolating your Apache Archiva instance from any untrusted users. Look into migrating to a different solution to fully resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The News & Blog Designer Pack – WordPress Blog Plugin versions up to, and including, 3.4.1 **Description** The issue is related to Remote Code Execution via Local File Inclusion. This is due to the `bdp get more post` function utilizing an unsafe `extract()` method to extract values from the `POST` variable and passing that input to the `include()` function. This makes it possible for unauthenticated attackers to include arbitrary PHP files and achieve remote code execution. On vulnerable Docker configurations, it may be possible for an attacker to create a PHP file and then subsequently include it to achieve RCE. Approximately 30,000 sites are at risk. **Recommendations** For versions up to, and including, 3.4.1, update to a version that fixes the `bdp get more post` function to prevent the use of the unsafe `extract()` method. As a temporary workaround, consider disabling the `bdp get more post` function hooked via a nopriv AJAX until a patch is available. Restrict access to the `include()` function to minimize the risk of exploitation. Avoid using the `POST` variable in the affected AJAX endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Technicolor TG670 version 10.5.N.9 **Description** The issue concerns the presence of multiple accounts with hard-coded passwords in the Technicolor TG670 device. One of these accounts has administrative privileges, which can allow for unrestricted access over the WAN interface if Remote Administration is enabled. This could potentially allow a remote attacker to gain unauthorized access to protected information. The vulnerability is related to the use of hard-coded credentials, which can be exploited by an attacker to gain administrative control over the device. **Recommendations** For Technicolor TG670 version 10.5.N.9, consider disabling Remote Administration to prevent potential exploitation until a patch is available. Additionally, it is recommended to check for security updates that address this issue and apply them as soon as possible. If no update is available, disabling remote administration can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sophos Mobile versions 5.0.0 through 9.7.4 **Description** An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises. This issue may lead to significant security risks, including the execution of malicious code. **Recommendations** For Sophos Mobile versions 5.0.0 through 9.7.4, update to a version that contains a fix for this issue to prevent potential code execution and server-side request forgery. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Security Manager (affected versions not specified) Description: A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The issue is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code, potentially allowing them to view static credentials and carry out further attacks. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine Exchange Reporter Plus versions prior to build number 5510 Zoho ManageEngine AD360 versions prior to build number 4228 Zoho ManageEngine ADSelfService Plus versions prior to build number 5817 Zoho ManageEngine DataSecurity Plus versions prior to build number 6033 Zoho ManageEngine RecoverManager Plus versions prior to build number 6017 Zoho ManageEngine EventLog Analyzer versions prior to build number 12136 Zoho ManageEngine ADAudit Plus versions prior to build number 6052 Zoho ManageEngine O365 Manager Plus versions prior to build number 4334 Zoho ManageEngine Cloud Security Plus versions prior to build number 4110 Zoho ManageEngine ADManager Plus versions prior to build number 7055 Zoho ManageEngine Log360 versions prior to build number 5166 **Description** An issue was discovered in the specified Zoho ManageEngine products. The remotely accessible Java servlet `com.manageengine.ads.fw.servlet.UpdateProductDetails` is prone to an authentication bypass. This allows system integration properties to be modified, potentially leading to a full ManageEngine suite compromise. **Recommendations** For Zoho ManageEngine Exchange Reporter Plus versions prior to build number 5510, update to build number 5510 or later. For Zoho ManageEngine AD360 versions prior to build number 4228, update to build number 4228 or later. For Zoho ManageEngine ADSelfService Plus versions prior to build number 5817, update to build number 5817 or later. For Zoho ManageEngine DataSecurity Plus versions prior to build number 6033, update to build number 6033 or later. For Zoho ManageEngine RecoverManager Plus versions prior to build number 6017, update to build number 6017 or later. For Zoho ManageEngine EventLog Analyzer versions prior to build number 12136, update to build number 12136 or later. For Zoho ManageEngine ADAudit Plus versions prior to build number 6052, update to build number 6052 or later. For Zoho ManageEngine O365 Manager Plus versions prior to build number 4334, update to build number 4334 or later. For Zoho ManageEngine Cloud Security Plus versions prior to build number 4110, update to build number 4110 or later. For Zoho ManageEngine ADManager Plus versions prior to build number 7055, update to build number 7055 or later. For Zoho ManageEngine Log360 versions prior to build number 5166, update to build number 5166 or later.

**Name of the Vulnerable Software and Affected Versions** OpenNMS Horizon versions prior to 26.0.1 OpenNMS Meridian versions prior to 2018.1.19 OpenNMS Meridian 2019 versions prior to 2019.1.7 **Description** An issue allows for arbitrary deserialization of Java objects, leading to remote code execution for any authenticated channel user regardless of its assigned permissions. This is related to the ActiveMQ channel configuration and affects authenticated users. **Recommendations** For OpenNMS Horizon versions prior to 26.0.1, update to version 26.0.1 or later. For OpenNMS Meridian versions prior to 2018.1.19, update to version 2018.1.19 or later. For OpenNMS Meridian 2019 versions prior to 2019.1.7, update to version 2019.1.7 or later.