Frank Spierings

**Name of the Vulnerable Software and Affected Versions** NetIQ Advance Authentication versions prior to 6.3.5.1 **Description** A vulnerability identified in storing and reusing information in Advance Authentication can lead to leakage of sensitive data to unauthorized users. **Recommendations** Update to version 6.3.5.1 or later to secure your systems. As a temporary workaround, consider restricting access to sensitive data stored in Advance Authentication until the update is applied.

Name of the Vulnerable Software and Affected Versions: TOPdesk versions prior to 8.05.017 TOPdesk versions prior to 5.7.SR9 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Recommendations: For versions prior to 8.05.017, update to version 8.05.017 or later. For versions prior to 5.7.SR9, update to version 5.7.SR9 or later.

Name of the Vulnerable Software and Affected Versions: TOPdesk versions prior to 8.05.017 TOPdesk versions prior to 5.7.SR9 Description: A cross-site request forgery issue allows remote attackers to hijack the authentication of authenticated users for requests that can obtain sensitive information. Recommendations: For versions prior to 8.05.017, update to version 8.05.017 or later. For versions prior to 5.7.SR9, update to version 5.7.SR9 or later.

Name of the Vulnerable Software and Affected Versions: jboss-remoting versions 3.3.10 and later Description: A flaw was found in the way RemoteMessageChannel reads from an empty buffer, which could allow an attacker to cause a denial of service via high CPU usage caused by an infinite loop. Recommendations: For jboss-remoting version 3.3.10, consider disabling the RemoteMessageChannel until a patch is available to prevent potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.