Havelsan Inc

**Name of the Vulnerable Software and Affected Versions** Vidco Software VOC TESTER versions prior to 12.41.0 **Description** An authorization bypass exists in Vidco Software VOC TESTER due to a user-controlled key vulnerability, allowing for forceful browsing. **Recommendations** Update Vidco Software VOC TESTER to version 12.41.0 or later.

**Name of the Vulnerable Software and Affected Versions** Uyumsoft ERP versions prior to Erp4.2109.166p45 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for XSS using invalid characters and Reflected XSS. **Recommendations** For versions prior to Erp4.2109.166p45, update to a version Erp4.2109.166p45 or later to resolve the issue. As a temporary workaround, consider restricting user input to prevent the use of invalid characters in web page generation until a patch is available.

Name of the Vulnerable Software and Affected Versions: TR7 Application Security Platform (ASP) version 1.4.25.188 Description: The issue affects the TR7 Application Security Platform (ASP) due to an Improper Protection of Alternate Path vulnerability, allowing Privilege Escalation and Privilege Abuse. This vulnerability enables Execution with Unnecessary Privileges. Recommendations: For version 1.4.25.188, upgrade to a newer version to avoid exploitation. As a temporary workaround, consider restricting privileges to minimize the risk of escalation.

**Name of the Vulnerable Software and Affected Versions** Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) versions prior to 2024 **Description** The issue is related to an Origin Validation Error, which allows traffic injection. This affects the Personnel Attendance Control Systems (PACS) and Access Control Security Systems (ACSS) by Dataprom Informatics. **Recommendations** For versions prior to 2024, update to a version released in 2024 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: ValeApp versions prior to 2.0.0 Description: The issue affects Oceanic Software ValeApp, allowing protocol manipulation through JSON Hijacking, also known as JavaScript Hijacking, due to cleartext storage of sensitive information in a cookie. Recommendations: For versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive cookies to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: ValeApp versions prior to 2.0.0 Description: The issue is a Session Fixation vulnerability that allows for Brute Force and Session Hijacking. This vulnerability affects the authentication mechanism of the software, potentially allowing unauthorized access to user sessions. Recommendations: For versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue. As a temporary workaround, consider implementing additional security measures to protect against brute force attacks and session hijacking, such as restricting access to sensitive areas of the application or implementing rate limiting on login attempts.

Name of the Vulnerable Software and Affected Versions: ValeApp versions prior to 2.0.0 Description: The issue allows the insertion of sensitive information into a log file, enabling the query system for information. Recommendations: For versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: ValeApp versions prior to 2.0.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: For versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.