Hurd4N0

**Name of the Vulnerable Software and Affected Versions** opentext Service Management Automation X (SMAX) versions 2020.05 through 2022.11 opentext Asset Management X (AMX) versions 2021.08 through 2022.11 **Description** The issue is an open redirect vulnerability that could allow attackers to redirect a user to malicious websites. **Recommendations** For opentext Service Management Automation X (SMAX) versions 2020.05 through 2022.11, update to a version that contains a fix for this issue. For opentext Asset Management X (AMX) versions 2021.08 through 2022.11, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JavaMelody versions prior to 1.60.1 **Description** The issue allows for XSS via the `counter` parameter in a `clear counter` action to the "/monitoring" API endpoint. **Recommendations** For JavaMelody versions prior to 1.60.1, update to version 1.60.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 **Description** The issue allows for directory traversal in "scgi-bin/platform.cgi" via the `thispage` parameter, enabling the reading of arbitrary files. **Recommendations** For firmware 2.1.71, update to a version that fixes the directory traversal issue in "scgi-bin/platform.cgi". For firmware 2.2.0.7, update to a version that fixes the directory traversal issue in "scgi-bin/platform.cgi". As a temporary workaround, consider restricting access to the "scgi-bin/platform.cgi" endpoint to minimize the risk of exploitation. Avoid using the `thispage` parameter in the affected endpoint until the issue is resolved.