Greendog

**Name of the Vulnerable Software and Affected Versions** Symmetric DS versions prior to 3.12.0 **Description** The issue allows an attacker to interact with JMX, which can lead to arbitrary code execution. This is possible because mx4j, used by Symmetric DS to provide access to JMX over HTTP, has no authentication by default and is available on all interfaces. An attacker can get system information, invoke MBean methods, and install additional MBeans from a remote host using MLet. **Recommendations** For Symmetric DS versions prior to 3.12.0, consider disabling access to JMX over HTTP or restricting it to specific interfaces and implementing authentication to prevent unauthorized access. As a temporary workaround, consider disabling the MLet functionality to prevent the installation of additional MBeans from remote hosts.

**Name of the Vulnerable Software and Affected Versions** Oracle Business Intelligence Enterprise Edition versions 5.5.0.0.0 through 12.2.1.4.0 **Description** The issue is related to insufficient access control in the Analytics Web General component of Oracle Business Intelligence Enterprise Edition. This can be exploited by a remote attacker to gain full control over the application using the HTTP protocol. The vulnerability can be easily exploited and allows an unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition, resulting in a takeover of the application. **Recommendations** For versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JetBrains TeamCity versions prior to 2019.1.2 **Description** The issue allows access to the history of builds of a deleted build configuration under certain circumstances. **Recommendations** For versions prior to 2019.1.2, update to version 2019.1.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JetBrains TeamCity versions prior to 2019.1.4 **Description** The issue is related to insecure Java Deserialization, which could potentially allow remote code execution. **Recommendations** For versions prior to 2019.1.4, update to version 2019.1.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** cryo version 0.0.6 cryo (all versions) **Description** A code injection issue in cryo allows an attacker to execute arbitrary code due to an insecure implementation of deserialization. This affects all versions of cryo. **Recommendations** For cryo version 0.0.6, at the moment, there is no information about a newer version that contains a fix for this issue. For all versions of cryo, consider using an alternative module until a fix is made available. As a temporary workaround, consider restricting the use of the deserialization function to minimize the risk of exploitation.