
Hesron Hori

Researcher from UnderProtection
#16450 of 53,633
16.3 Total CVSS
Vulnerabilities · 2
High
2
PT-2020-15620
8.8
2020-09-02
Forlogic · Qualiex · CVE-2020-24028
**Name of the Vulnerable Software and Affected Versions** ForLogic Qualiex versions v1 through v3

**Description** The issue allows any authenticated customer to achieve privilege escalation through various means such as creating users, changing passwords, or updating user permissions.

**Recommendations** For versions v1 through v3, consider restricting access to user creation, password change, and user permission update features until a fix is available. As a temporary workaround, limit the privileges of authenticated customers to prevent escalation.
PT-2020-10185
7.5
2020-01-31
Rubiweb · Senior Rubiweb · CVE-2019-19550
**Name of the Vulnerable Software and Affected Versions** Senior Rubiweb versions 6.2.34.28 through 6.2.34.37

**Description** The issue allows an attacker to bypass remote authentication, gaining admin access to sensitive information of affected users. This can be achieved by providing the correct URL.

**Recommendations** For versions 6.2.34.28 through 6.2.34.37, as a temporary workaround, consider restricting access to sensitive information until a patch is available. Avoid using the vulnerable URL in production environments to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.