Guly

**Name of the Vulnerable Software and Affected Versions** rConfig versions 3.9.x through 3.9.6 **Description** The issue is related to an authentication bypass in the lib/crud/userprocess.php file, which can lead to the creation of administrator accounts. **Recommendations** For versions 3.9.x through 3.9.6, update to version 3.9.7 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** rConfig versions 3.9.4 and previous versions **Description** The issue is related to an unauthenticated SQL injection in compliancepolicies.inc.php, which can lead to lateral movement. Since nodes' passwords are stored in cleartext by default, an attacker can gain access to monitored network devices. **Recommendations** For versions 3.9.4 and previous versions, update to a version that fixes the SQL injection issue in compliancepolicies.inc.php to prevent unauthenticated access and lateral movement. As a temporary workaround, consider restricting access to the compliancepolicies.inc.php file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** rConfig versions 3.9.4 and earlier **Description** The issue is related to an unauthenticated SQL injection in compliancepolicyelements.inc.php, which can lead to lateral movement. Since nodes' passwords are stored in cleartext by default, an attacker can gain access to monitored network devices. **Recommendations** For versions 3.9.4 and earlier, update to a version that addresses this issue to prevent SQL injection and lateral movement. As a temporary workaround, consider restricting access to the compliancepolicyelements.inc.php file until a patch is available. Avoid using cleartext storage for nodes' passwords to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** rConfig versions 3.9.4 and earlier **Description** The issue is related to an unauthenticated SQL injection in devices.inc.php, which can lead to lateral movement. Since nodes' passwords are stored in cleartext by default, an attacker can gain access to monitored network devices. **Recommendations** For versions 3.9.4 and earlier, update to a version that fixes the SQL injection issue in devices.inc.php to prevent unauthenticated access and lateral movement. As a temporary workaround, consider restricting access to the devices.inc.php file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** rConfig versions 3.9.4 and previous versions **Description** The issue is related to an unauthenticated SQL injection in snippets.inc.php, which can lead to lateral movement. Since nodes' passwords are stored in cleartext by default, an attacker can gain access to monitored network devices. **Recommendations** For rConfig versions 3.9.4 and previous versions, consider restricting access to the snippets.inc.php file as a temporary workaround until a patch is available. Additionally, changing the default password storage to a more secure method can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HiveManager Classic versions through 8.1r1 **Description** The issue allows arbitrary JSP code execution by modifying a backup archive before a restore. This is possible because the restore feature does not validate pathnames within the archive. An authenticated, local attacker, even one restricted as a tenant, can exploit this by adding a JSP file at HiveManager/tomcat/webapps/hm/domains/$yourtenant/maps, which will then be exposed at the web interface. **Recommendations** For versions through 8.1r1, consider restricting access to the restore feature and validating pathnames within backup archives to prevent arbitrary JSP code execution. As a temporary workaround, consider disabling the restore feature until a proper validation mechanism is implemented.