Jerome Nokin

**Name of the Vulnerable Software and Affected Versions** Advanced Secure Gateway and Content Analysis versions prior to 7.3.13.1 / 3.1.6.0 **Description** The issue is related to an Elevation of Privilege vulnerability. **Recommendations** For versions prior to 7.3.13.1 / 3.1.6.0, update to version 7.3.13.1 / 3.1.6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Advanced Secure Gateway and Content Analysis versions prior to 7.3.13.1 / 3.1.6.0 **Description** The issue is related to a Server-Side Request Forgery vulnerability. **Recommendations** For versions prior to 7.3.13.1 / 3.1.6.0, update to version 7.3.13.1 / 3.1.6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Advanced Secure Gateway and Content Analysis versions prior to 7.3.13.1 / 3.1.6.0 **Description** The issue is related to a Stored Cross-Site Scripting vulnerability. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions prior to 7.3.13.1 / 3.1.6.0, update to version 7.3.13.1 / 3.1.6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable components until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Advanced Secure Gateway and Content Analysis versions prior to 7.3.13.1 / 3.1.6.0 **Description** The issue is related to a Command Injection vulnerability. **Recommendations** For versions prior to 7.3.13.1 / 3.1.6.0, update to version 7.3.13.1 / 3.1.6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Oracle Solaris versions 10 and 11 **Description** The issue is related to errors in processing input data in the Utility component of Oracle Solaris. Exploitation of this issue can allow an attacker to execute arbitrary code. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. The issue can result in the takeover of Oracle Solaris. **Recommendations** For Oracle Solaris versions 10 and 11, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CBRN-Analysis versions prior to 22 **Description** The issue allows XXE attacks via an XML document, leading to NTLMv2-SSP hash disclosure. This occurs when processing a malicious XML document. **Recommendations** For versions prior to 22, update to version 22 or later to resolve the issue. As a temporary workaround, consider restricting the processing of external XML documents to minimize the risk of exploitation. Avoid using the `am mws XML document` in the affected system until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** CBRN-Analysis versions prior to 22 **Description** The issue is related to weak file permissions under the Public Profile, which can lead to the disclosure of file contents or privilege escalation. **Recommendations** For versions prior to 22, update to version 22 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** McAfee ePolicy Orchestrator (ePO) versions prior to 4.5.7 McAfee ePolicy Orchestrator (ePO) versions 4.6.x prior to 4.6.6 **Description** A directory traversal issue allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel. This can be demonstrated by writing to the Software/ directory. **Recommendations** For versions prior to 4.5.7, update to version 4.5.7 or later. For versions 4.6.x prior to 4.6.6, update to version 4.6.6 or later.