Jakub Pałaczyński

Name of the Vulnerable Software and Affected Versions: Thomson Reuters for FATCA versions prior to 5.2 Description: The issue allows remote attackers to execute arbitrary files. This is achieved via the `item` parameter. Recommendations: For versions prior to 5.2, update to version 5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `item` parameter to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Thomson Reuters FATCH versions prior to 5.2 Description: A file upload issue exists in the `specid` parameter, allowing malicious users to upload arbitrary PHP files to the web root and execute system commands. Recommendations: For versions prior to 5.2, update to version 5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the file upload feature to minimize the risk of exploitation. Avoid using the `specid` parameter in file upload operations until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows (affected versions not specified) **Description** The issue is related to errors in privilege management, allowing an attacker to potentially elevate their privileges to SYSTEM. This can be achieved by exploiting a certain DLL that is vulnerable to race conditions, enabling the planting of a customized DLL with Local Service privilege. The vulnerability can be exploited to affect the system, but specific details about the number of potentially affected devices or real-world incidents are not provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.