BlaB! · BlaB! WS Pro · CVE-2020-9449
**Name of the Vulnerable Software and Affected Versions**
BlaB! AX version 19.11
BlaB! AX Pro version 19.11
BlaB! WS (client) version 19.11
BlaB! WS Pro (client) version 19.11
**Description**
An insecure random number generation issue allows an attacker with a guest or user session cookie to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin.
**Recommendations**
For BlaB! AX version 19.11, update to a version that addresses the insecure random number generation issue.
For BlaB! AX Pro version 19.11, update to a version that addresses the insecure random number generation issue.
For BlaB! WS (client) version 19.11, update to a version that addresses the insecure random number generation issue.
For BlaB! WS Pro (client) version 19.11, update to a version that addresses the insecure random number generation issue.