Jean-Michel Huguet

**Name of the Vulnerable Software and Affected Versions** Tanium Client (affected versions not specified) **Description** Tanium Client is subject to a denial of service condition. The vulnerability allows for a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tanium Threat Response (affected versions not specified) **Description** Tanium Threat Response contains an information disclosure issue. The vulnerability allows for the potential exposure of information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tanium Appliance (affected versions not specified) **Description** An improper input validation issue exists in Tanium Appliance. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tanium Threat Response (affected versions not specified) **Description** Tanium Threat Response contains an information disclosure issue. The vulnerability allows for the potential exposure of information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tanium Threat Response (affected versions not specified) **Description** Tanium Threat Response contains an information disclosure issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Business Intelligence Enterprise Edition versions 7.6.0.0.0 through 12.2.1.4.0 **Description** A vulnerability exists in the Oracle Business Intelligence Enterprise Edition component, Platform Security, that allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks require human interaction from a person other than the attacker and may impact additional products. Successful exploitation can result in unauthorized data modification and read access. **Recommendations** Update Oracle Business Intelligence Enterprise Edition version 7.6.0.0.0 to a later version. Update Oracle Business Intelligence Enterprise Edition version 8.2.0.0.0 to a later version. Update Oracle Business Intelligence Enterprise Edition version 12.2.1.4.0 to a later version.

**Name of the Vulnerable Software and Affected Versions** Cisco Unified Communications products (affected versions not specified) **Description** A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This issue is due to improper validation of user-supplied command arguments. An attacker could exploit this by executing crafted commands on the CLI of an affected device, allowing them to execute arbitrary commands on the underlying operating system as the root user. The attacker must have valid administrative credentials to exploit this vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle BI Publisher versions 7.6.0.0.0 through 12.2.1.4.0 **Description** The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher, resulting in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. **Recommendations** For versions 7.6.0.0.0 and 12.2.1.4.0, update to a version that contains a fix for this issue to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle BI Publisher versions 7.6.0.0.0 through 12.2.1.4.0 **Description** The issue affects the Oracle BI Publisher product of Oracle Analytics, specifically the XML Services component. It allows a low-privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks can result in unauthorized update, insert, or delete access to some Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service of Oracle BI Publisher. **Recommendations** For versions 7.6.0.0.0 and 12.2.1.4.0, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ServiceNow versions prior to the fixed version in the Washington release of Now Platform **Description** The issue is an authorization bypass vulnerability that could enable an authenticated user to access unauthorized data stored within the Now Platform. It is estimated that over 481,000 instances may be affected. **Recommendations** For versions prior to the fixed version in the Washington release of Now Platform, update to the latest patch or family release that addresses this issue. As a temporary workaround, consider restricting access to sensitive data within the Now Platform until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Cisco APIC (affected versions not specified) **Description** A vulnerability in the CLI could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. The attacker must have valid administrative credentials to exploit this issue. This is due to insufficient validation of arguments passed to specific CLI commands, allowing an attacker to execute arbitrary commands with the privileges of root by including crafted input as the argument of an affected CLI command. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco APIC (affected versions not specified) **Description** A stored XSS attack can be performed by an authenticated, remote attacker on the web UI of the system. The issue arises from improper input validation in the web UI, allowing an attacker with valid administrative credentials to inject malicious code into specific pages. This could lead to the execution of arbitrary script code in the context of the web UI or access to sensitive, browser-based information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco APIC (affected versions not specified) **Description** A vulnerability in the implementation of internal system processes could allow an authenticated, local attacker to access sensitive information on an affected device. The attacker must have valid administrative credentials to exploit this issue. This vulnerability is due to insufficient masking of sensitive information displayed through system CLI commands. An attacker could exploit this by using reconnaissance techniques at the device CLI, potentially accessing sensitive information that could be used for additional attacks. **Recommendations** Update to a version of Cisco APIC that includes the software updates released by Cisco to address this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco APIC (affected versions not specified) **Description** A vulnerability in the system file permission handling could allow an authenticated, local attacker to overwrite critical system files, causing a DoS condition. The attacker must have valid administrative credentials to exploit this issue. This vulnerability is due to a race condition with handling system files, which an attacker could exploit by performing specific operations on the file system, potentially leading to the device being in an inconsistent state. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SolarWinds Platform (affected versions not specified) **Description** The issue is related to a XSS vulnerability in the maps section of the user interface. This vulnerability requires authentication and user interaction to be exploited. It may allow a remote attacker to conduct cross-site scripting attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SolarWinds Platform (affected versions not specified) **Description** A vulnerability was identified in the user interface of the SolarWinds Platform, related to a SWQL injection issue. This vulnerability requires authentication and user interaction to be exploited, allowing a remote attacker to execute arbitrary code. The issue is associated with a lack of protection for the SQL query structure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advanced Secure Gateway and Content Analysis versions prior to 7.3.13.1 / 3.1.6.0 **Description** The issue is related to an Elevation of Privilege vulnerability. **Recommendations** For versions prior to 7.3.13.1 / 3.1.6.0, update to version 7.3.13.1 / 3.1.6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Oracle Solaris versions 10 and 11 **Description** The issue is related to errors in processing input data in the Utility component of Oracle Solaris. Exploitation of this issue can allow an attacker to execute arbitrary code. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. The issue can result in the takeover of Oracle Solaris. **Recommendations** For Oracle Solaris versions 10 and 11, there is no information about a newer version that contains a fix for this vulnerability.