Jan Rodriguez

**Name of the Vulnerable Software and Affected Versions** UnForm Server versions prior to 10.1.15 **Description** UnForm Server versions prior to 10.1.15 have an unauthenticated arbitrary file read and SMB coercion issue in the Doc Flow feature’s `arc` endpoint. The Doc Flow module uses the `arc` handler to retrieve and render pages or resources specified by the `pp` parameter without authentication or path restrictions. This allows an unauthenticated remote attacker to read arbitrary files accessible to the service account by supplying local filesystem paths. On Windows, providing a UNC path can coerce the server into initiating outbound SMB authentication, potentially exposing NTLM credentials for offline cracking or relay. **Recommendations** Update UnForm Server to version 10.1.15 or later.

Name of the Vulnerable Software and Affected Versions: UnForm Server Manager versions prior to 10.1.12 Description: UnForm Server Manager versions prior to 10.1.12 contain an unauthenticated file read flaw in the log file analysis interface. The vulnerability is located in the `arc` endpoint, which accepts a `fl` parameter specifying the log file to open. Insufficient input validation and path sanitization allow attackers to use relative paths to access arbitrary files on the host system without authentication, potentially including sensitive OS-level files. Recommendations: Update UnForm Server Manager to version 10.1.12 or later.