Joe Dillon

**Name of the Vulnerable Software and Affected Versions** Meridian Technique Materialise OrthoView versions through 7.5.1 **Description** Meridian Technique Materialise OrthoView through version 7.5.1 is susceptible to an OS Command Injection when servlet sharing is enabled. This allows for potential remote code execution and authentication bypass. The issue occurs when the application improperly handles user-supplied input, allowing attackers to inject arbitrary commands that are then executed by the operating system. The vulnerable component is related to servlet sharing functionality. **Recommendations** Versions prior to 7.5.1 should be updated. Disable servlet sharing functionality to mitigate the risk.

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A token is created using the `username`, current date/time, and a fixed AES-128 encryption key, which is the same across all installations. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified) Description: A flaw exists in the Windows login flow where an `AuthContext` token can be exploited for replay attacks and authentication bypass. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.