Harrison Neal

**Name of the Vulnerable Software and Affected Versions** RightFax versions prior to 25.4 **Description** An issue involving the deserialization of untrusted data allows for Object Injection. This flaw can lead to remote code execution without requiring authentication. **Recommendations** Update to version 25.4 or later.

**Name of the Vulnerable Software and Affected Versions** OpenText Carbonite Safe Server Backup versions through 6.8.3 **Description** An improper control of generation of code issue, specifically a code injection, exists in OpenText Carbonite Safe Server Backup. The issue could be exploited through an open port, potentially allowing unauthorized access. **Recommendations** Update OpenText Carbonite Safe Server Backup to a version later than 6.8.3.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Arc(TM) Pro Graphics for Windows versions prior to 31.0.101.5319 **Description** The issue is related to improper access control in some Intel(R) Arc(TM) Pro Graphics for Windows drivers. This may allow an authenticated user to potentially enable escalation of privilege via adjacent access. **Recommendations** For versions prior to 31.0.101.5319, update to version 31.0.101.5319 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Oracle Database Server versions 12.1.0.2, 19c, and 21c **Description** The issue is related to insufficient input validation in the RDBMS Gateway / Generic ODBC Connectivity component of Oracle Database Server. This easily exploitable vulnerability allows a low-privileged attacker with Create Session privilege and network access via Oracle Net to compromise the RDBMS Gateway / Generic ODBC Connectivity. Successful attacks can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. **Recommendations** For version 12.1.0.2, update to a version that includes the fix for this issue. For version 19c, update to a version that includes the fix for this issue. For version 21c, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting network access via Oracle Net to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jira Data Center versions 6.3.0 through 8.5.16 Jira Data Center versions 8.6.0 through 8.13.8 Jira Data Center versions 8.14.0 through 8.17.0 Jira Core Data Center versions 6.3.0 through 8.5.16 Jira Core Data Center versions 8.6.0 through 8.13.8 Jira Core Data Center versions 8.14.0 through 8.17.0 Jira Software Data Center versions 6.3.0 through 8.5.16 Jira Software Data Center versions 8.6.0 through 8.13.8 Jira Software Data Center versions 8.14.0 through 8.17.0 Jira Service Management Data Center versions 2.0.2 through 4.5.16 Jira Service Management Data Center versions 4.6.0 through 4.13.8 Jira Service Management Data Center versions 4.14.0 through 4.17.0 **Description** The issue is related to a missing authentication vulnerability in the Ehcache RMI network service, which can allow remote attackers to execute arbitrary code in Jira through deserialization. The vulnerability can be exploited by connecting to the service on port 40001 and potentially 40011. Atlassian suggests restricting access to the Ehcache ports to only Data Center instances. Fixed versions of Jira will require a shared secret to allow access to the Ehcache service. In some versions, the Ehcache object port can be randomly allocated. **Recommendations** For Jira Data Center versions 6.3.0 through 8.5.16, update to version 8.5.16 or later. For Jira Data Center versions 8.6.0 through 8.13.8, update to version 8.13.8 or later. For Jira Data Center versions 8.14.0 through 8.17.0, update to version 8.17.0 or later. For Jira Core Data Center versions 6.3.0 through 8.5.16, update to version 8.5.16 or later. For Jira Core Data Center versions 8.6.0 through 8.13.8, update to version 8.13.8 or later. For Jira Core Data Center versions 8.14.0 through 8.17.0, update to version 8.17.0 or later. For Jira Software Data Center versions 6.3.0 through 8.5.16, update to version 8.5.16 or later. For Jira Software Data Center versions 8.6.0 through 8.13.8, update to version 8.13.8 or later. For Jira Software Data Center versions 8.14.0 through 8.17.0, update to version 8.17.0 or later. For Jira Service Management Data Center versions 2.0.2 through 4.5.16, update to version 4.5.16 or later. For Jira Service Management Data Center versions 4.6.0 through 4.13.8, update to version 4.13.8 or later. For Jira Service Management Data Center versions 4.14.0 through 4.17.0, update to version 4.17.0 or later. As a temporary workaround, consider restricting access to the Ehcache ports to only Data Center instances.

**Name of the Vulnerable Software and Affected Versions** SolarWinds Orion Job Scheduler version 2020.2.1 HF 2 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this issue. The flaw exists within the `JobRouterService` WCF service due to its configuration, which allows a critical resource to be accessed by unprivileged users. An attacker can leverage this to execute code in the context of an administrator. **Recommendations** For SolarWinds Orion Job Scheduler version 2020.2.1 HF 2, consider disabling the `JobRouterService` WCF service until a patch is available to prevent exploitation. Restrict access to the critical resource accessed by the WCF service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SolarWinds Orion Virtual Infrastructure Monitor version 2020.2 **Description** This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the `OneTimeJobSchedulerEventsService` WCF service, resulting from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this issue to escalate privileges and execute arbitrary code in the context of `SYSTEM`. **Recommendations** For SolarWinds Orion Virtual Infrastructure Monitor version 2020.2, consider disabling the `OneTimeJobSchedulerEventsService` WCF service until a patch is available to prevent deserialization of untrusted data and mitigate the risk of privilege escalation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: SolarWinds Patch Manager version 2020.2.1 Description: This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system. The flaw exists within the DataGridService WCF service due to the lack of proper validation of user-supplied data, resulting in deserialization of untrusted data. This can be leveraged to escalate privileges and execute arbitrary code in the context of Administrator. Recommendations: For SolarWinds Patch Manager version 2020.2.1, consider disabling the DataGridService WCF service as a temporary workaround until a patch is available. Restrict access to the DataGridService to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c **Description** The issue is related to a vulnerability in the Core RDBMS component of Oracle Database Server, which can be exploited by an unauthenticated attacker with network access via OracleNet. The exploitation is difficult and requires human interaction from a person other than the attacker, potentially leading to the takeover of Core RDBMS. The vulnerability is related to insufficient access control. **Recommendations** For versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c, consider restricting access to the Core RDBMS component to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the OracleNet protocol until the issue is resolved. Restrict access to the network to minimize the risk of remote exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c **Description** The issue is related to inadequate access control in the Oracle ODBC database gateway, which can be exploited by a remote attacker to cause a denial of service via the OracleNet network protocol. This can lead to unauthorized ability to cause a hang or frequently repeatable crash of the Database Gateway for ODBC. **Recommendations** For versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the OracleNet protocol to minimize the risk of exploitation. Restrict network access to the Database Gateway for ODBC to reduce the likelihood of a successful attack.

**Name of the Vulnerable Software and Affected Versions** Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c **Description** The issue is related to a vulnerability in the Database Gateway for ODBC component, which can be exploited by a low-privileged attacker with Create Session privilege and network access via OracleNet. This can lead to unauthorized update, insert, or delete access to some Database Gateway for ODBC accessible data, as well as unauthorized read access to a subset of Database Gateway for ODBC accessible data. Additionally, it can cause a partial denial of service (partial DOS) of Database Gateway for ODBC. The vulnerability is difficult to exploit. **Recommendations** For versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c, consider restricting network access via OracleNet to minimize the risk of exploitation. As a temporary workaround, consider disabling the Create Session privilege for low-privileged attackers until a patch is available. Restrict access to the Database Gateway for ODBC component to minimize the risk of unauthorized data access and denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c **Description** The issue is related to inadequate access control in the Database Gateway for ODBC component of Oracle Database Server. Exploitation of this issue may allow a remote attacker to modify, add, or delete data, or cause a partial denial of service using the OracleNet network protocol. The attacker must have high privileges, including Create Procedure and Create Database Link privileges, as well as network access via OracleNet. Successful attacks can result in unauthorized access to some data and partial denial of service. **Recommendations** For versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c, consider restricting access to the Database Gateway for ODBC component until a patch is available. As a temporary workaround, limit the privileges of users with Create Procedure and Create Database Link privileges to minimize the risk of exploitation. Restrict network access via OracleNet to the Database Gateway for ODBC component to reduce the attack surface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 **Description** The issue is related to a Directory Traversal Vulnerability due to insufficient sanitization of input parameters. A remote authenticated malicious user with admin privileges could potentially exploit this to gain unauthorized access to the file system. **Recommendations** For versions prior to 9.3.0, update to version 9.3.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Avaya Aura System Platform versions 6.3.0 through 6.3.9 Avaya Aura System Platform versions 6.4.0 through 6.4.2 **Description** A remote, unauthenticated user could perform a targeted deserialization attack, potentially resulting in remote code execution, due to a vulnerability in the Web UI component. **Recommendations** For versions 6.3.0 through 6.3.9, update to a version outside of this range to resolve the issue. For versions 6.4.0 through 6.4.2, update to a version outside of this range to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** RSA Authentication Agent versions 8.0.1 and earlier for Web for IIS **Description** The issue is related to insufficient access control list (ACL) permissions on a Windows Named Pipe, allowing unauthorized users with local system access to exploit it and read configuration properties for the authentication agent. **Recommendations** For RSA Authentication Agent versions 8.0.1 and earlier for Web for IIS, update to a version that addresses the insufficient ACL permissions issue to prevent unauthorized access to configuration properties.

**Name of the Vulnerable Software and Affected Versions** RSA Authentication Agent versions 8.0.1 and earlier for Web **Description** A stack-based buffer overflow issue may occur when handling certain malicious web cookies with invalid formats, potentially allowing an attacker to crash the authentication agent and cause a denial-of-service situation. **Recommendations** For RSA Authentication Agent versions 8.0.1 and earlier, update to a version later than 8.0.1 to resolve the issue.