Justin Kennedy

**Name of the Vulnerable Software and Affected Versions** Rapid7 Nexpose versions 6.4.50 and later **Description** A security issue exists in Rapid7 Nexpose related to insufficient entropy in the `CredentialsKeyStorePassword.generateRandomPassword()` method. This can impact the randomness of generated passwords. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress versions up to, and including, 2.0 **Description** The issue allows unauthenticated attackers to extract sensitive data, including site backups, by brute-forcing snapshot filenames due to insufficiently random snapshot names. The vendor does not plan to do any further hardening on this functionality. **Recommendations** For versions up to, and including, 2.0, consider disabling the snapshot functionality until a more secure alternative is available, as the vendor does not plan to release further security enhancements for this feature.

**Name of the Vulnerable Software and Affected Versions** Commvault CommCell version 11.22.22 **Description** The issue is related to the CVSearchService service and is caused by inadequate validation prior to authentication, allowing remote attackers to bypass authentication on affected installations. This can enable an attacker to gain unauthorized access to the system without requiring authentication. The specific flaw exists within the CVSearchService service. **Recommendations** For Commvault CommCell version 11.22.22, consider disabling the CVSearchService service until a patch is available to prevent exploitation. Restrict access to the CVSearchService to minimize the risk of unauthorized access. Apply proper validation prior to authentication to prevent bypassing authentication. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Commvault CommCell version 11.22.22 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be bypassed. The specific flaw exists within the `DownloadCenterUploadHandler` class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this issue to execute code in the context of NETWORK SERVICE. **Recommendations** For Commvault CommCell version 11.22.22, consider disabling the `DownloadCenterUploadHandler` class until a patch is available to prevent the upload of arbitrary files and mitigate the risk of remote code execution. Restrict access to the `DownloadCenterUploadHandler` class to minimize the risk of exploitation. Avoid using the vulnerable class until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Commvault CommCell versions 11.22.22 **Description** The issue is related to incorrect code generation management in the Demo ExecuteProcessOnGroup process of the CommCell storage management software. Exploitation of this issue can allow a remote attacker to execute arbitrary code by sending a specially crafted request. Although authentication is required to exploit this issue, the existing authentication mechanism can be bypassed. The flaw exists within the Demo ExecuteProcessOnGroup workflow, allowing an attacker to specify an arbitrary command to be executed, potentially executing code in the context of SYSTEM. **Recommendations** For Commvault CommCell version 11.22.22, consider disabling the Demo ExecuteProcessOnGroup workflow as a temporary workaround until a patch is available. Restrict access to the workflow to minimize the risk of exploitation. Avoid using the workflow to execute arbitrary commands until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Commvault CommCell version 11.22.22 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be bypassed. The specific flaw exists within the DataProvider class and results from the lack of proper validation of a user-supplied string before executing it as JavaScript code. An attacker can leverage this issue to escape the JavaScript sandbox and execute Java code in the context of NETWORK SERVICE. **Recommendations** For Commvault CommCell version 11.22.22, as a temporary workaround, consider disabling the `DataProvider` class until a patch is available. Restrict access to the `DataProvider` class to minimize the risk of exploitation. Avoid using user-supplied strings in the affected JavaScript code until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** OpenNMS (affected versions not specified) **Description** The issue is related to the use of a default password `rtc` for the `rtc` account in the OpenNMS remote monitoring and management system. This allows a remote attacker to gain access to the system by leveraging knowledge of the credentials. **Recommendations** For all affected versions, change the default password `rtc` for the `rtc` account to a strong and unique password to prevent unauthorized access. As a temporary workaround, consider restricting access to the `rtc` account until a more secure configuration is implemented.