Hieu Tran

**Name of the Vulnerable Software and Affected Versions** Avaya Aura Experience Portal versions 7.0 through 7.2.3 Avaya Aura Experience Portal version 8.0.0 **Description** A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. **Recommendations** For Avaya Aura Experience Portal versions 7.0 through 7.2.3, apply the hotfix to resolve the issue. For Avaya Aura Experience Portal version 8.0.0, apply the hotfix to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Avaya Aura Experience Portal Web management versions 7.0 through 7.2.3 Avaya Aura Experience Portal Web management version 8.0.0 **Description** Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management, which could allow an authenticated user to potentially disclose sensitive information. **Recommendations** For Avaya Aura Experience Portal Web management versions 7.0 through 7.2.3, apply the necessary hotfix to resolve the issue. For Avaya Aura Experience Portal Web management version 8.0.0, apply the necessary hotfix to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Trend Micro Password Manager version 5 (Consumer) Description: The issue allows an attacker to inject a malicious DLL file during the installation process, potentially executing a malicious program each time a user installs a program. This is due to a DLL Hijacking vulnerability. Recommendations: For Trend Micro Password Manager version 5 (Consumer), consider disabling the installation functionality until a patch is available to prevent exploitation of the DLL Hijacking vulnerability.