Jang

**Name of the Vulnerable Software and Affected Versions** Inductive Automation Ignition (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. The specific flaw exists within the `downloadLaunchClientJar` function, which lacks validation of a remote JAR file prior to loading it. An attacker can leverage this vulnerability to execute code in the context of the current user. User interaction is required to exploit this vulnerability, as the target must connect to a malicious server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server versions prior to 16.0.10399.20005 **Description** This issue is an elevation of privilege vulnerability in Microsoft SharePoint Server that allows attackers to affect the system. The vulnerability enables remote attackers to gain administrator privileges by circumventing authentication using spoofed JWT auth tokens. This flaw is actively exploited and has been observed in attacks, with reports of successful exploitation attempts. The vulnerability has been exploited in conjunction with other flaws to enable remote code execution. Approximately 2500 internet-connected SharePoint servers globally are estimated to be vulnerable, with around 650 located in Russia. The vulnerability is tracked as CVE-2023-29357. Exploitation involves targeting the `/api/web/siteusers` endpoint. **Recommendations** Update Microsoft SharePoint Server to version 16.0.10399.20005 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server (affected versions not specified) **Description** The issue is related to a remote code execution vulnerability in Microsoft SharePoint Server. This vulnerability allows an authenticated attacker with Site Owner privileges to execute arbitrary code. The vulnerability is being actively exploited in the wild. According to some sources, over 43,658 targets related to this vulnerability were discovered using ZoomEye. The vulnerability can be exploited together with another issue to bypass authentication and use the SharePoint API with administrator privileges. A public exploit is available that uses both vulnerabilities. **Recommendations** As a temporary workaround, consider disabling the vulnerable functionality until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Apply the patch released by Microsoft in May 2023 to the latest secure version. Federal agencies must apply fixes by April 16, 2024. At the moment, there is no information about a newer version that contains a fix for this vulnerability, but it is recommended to update to the latest secure version.

**Name of the Vulnerable Software and Affected Versions** Microsoft Exchange Server (affected versions not specified) **Description** The issue is related to incorrect code generation management in Microsoft Exchange Server, allowing a remote attacker to execute arbitrary code by sending a specially crafted request. This can affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle WebLogic Server versions 10.3.6.0.0 through 12.2.1.4.0 **Description** The issue is related to the Core component of Oracle WebLogic Server and is caused by inadequate access control. It allows an unauthenticated attacker with network access via IIOP, T3 protocols to compromise the server. Successful attacks can result in the takeover of Oracle WebLogic Server. The vulnerability is easily exploitable and has been exploited in the wild. It is estimated that over 300 vulnerable servers could be exploited, leading to severe security threats. **Recommendations** For versions 10.3.6.0.0 through 12.2.1.4.0, update to a version that includes the fix for this issue, as provided in Oracle's April 2020 Critical Patch Update. As a temporary workaround, consider restricting access to the T3 protocol to minimize the risk of exploitation. Additionally, disabling the deserialization of untrusted data in the T3 protocol can help mitigate the issue until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Oracle WebLogic Server versions 10.3.6.0.0 through 12.2.1.4.0 **Description** The issue is related to insufficient access control in the Core component of Oracle WebLogic Server, allowing an unauthenticated attacker with network access via IIOP, T3 protocols to compromise the server. Successful attacks can result in the takeover of Oracle WebLogic Server. **Recommendations** For versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, and 12.2.1.4.0, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.