Huydoppa

Name of the Vulnerable Software and Affected Versions: LoadMaster versions 7.2.55.0 through 7.2.60.1 LoadMaster versions 7.2.49.0 through 7.2.54.12 LoadMaster version 7.2.48.12 and all prior versions Multi-Tenant Hypervisor version 7.1.35.12 and all prior versions ECS versions prior to 7.2.60.1 Description: The issue is related to an Improper Input Validation vulnerability that allows OS Command Injection. This vulnerability affects authenticated users in Progress LoadMaster. Recommendations: For LoadMaster versions 7.2.55.0 through 7.2.60.1, update to a version outside of this range to mitigate the risk. For LoadMaster versions 7.2.49.0 through 7.2.54.12, update to a version outside of this range to mitigate the risk. For LoadMaster version 7.2.48.12 and all prior versions, update to a version newer than 7.2.48.12 to mitigate the risk. For Multi-Tenant Hypervisor version 7.1.35.12 and all prior versions, update to a version newer than 7.1.35.12 to mitigate the risk. For ECS versions prior to 7.2.60.1, update to version 7.2.60.1 or newer to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Progress LoadMaster versions 7.2.55.0 through 7.2.60.0 Progress LoadMaster versions 7.2.49.0 through 7.2.54.11 Progress LoadMaster version 7.2.48.12 and all prior versions Multi-Tenant Hypervisor version 7.1.35.11 and all prior versions ECS versions prior to 7.2.60.0 **Description** The issue is related to an Improper Input Validation vulnerability that allows OS Command Injection. This vulnerability affects authenticated users in Progress LoadMaster. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For Progress LoadMaster versions 7.2.55.0 through 7.2.60.0, update to a version outside of this range to fix the issue. For Progress LoadMaster versions 7.2.49.0 through 7.2.54.11, update to a version outside of this range to fix the issue. For Progress LoadMaster version 7.2.48.12 and all prior versions, update to a version newer than 7.2.48.12 to fix the issue. For Multi-Tenant Hypervisor version 7.1.35.11 and all prior versions, update to a version newer than 7.1.35.11 to fix the issue. For ECS versions prior to 7.2.60.0, update to version 7.2.60.0 or newer to fix the issue.

**Name of the Vulnerable Software and Affected Versions** Apache Fineract versions 1.4 through 1.8.3 **Description** The issue is a Server-Side Request Forgery (SSRF) vulnerability. Authorized users with limited permissions can gain access to the server and may be able to use the server for any outbound traffic. **Recommendations** For Apache Fineract versions 1.4 through 1.8.3, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.