Kevin Joensen

**Name of the Vulnerable Software and Affected Versions** Umbraco Forms versions 16 through 17 **Description** Umbraco Forms, a form builder integrated with the Umbraco content management system, contains a flaw that allows an authenticated backoffice user to list and access files on the system's file system, and read their contents on Mac and Linux Umbraco installations. The issue affects versions 16 and 17. The `/umbraco/forms/api/v1/export` API endpoint is involved, and the `fileName` parameter is susceptible to path traversal attacks using sequences like `../` and `..`. Umbraco Cloud users are not affected as it runs in a Windows environment. **Recommendations** Umbraco Forms version 16.4.1 Umbraco Forms version 17.1.1 If upgrading is not immediately possible, configure a WAF or reverse proxy to block requests containing path traversal sequences (`../`, `..`) in the `fileName` parameter of the ''/umbraco/forms/api/v1/export'' endpoint. Restrict network access to the Umbraco backoffice to trusted IP ranges. Block the ''/umbraco/forms/api/v1/export'' endpoint entirely if the export feature is not required.

**Name of the Vulnerable Software and Affected Versions** Mitel 6800 Series and 6900 Series SIP Phones versions through 6.3 SP3 HF4 Mitel 6900w Series SIP Phone versions through 6.3.3 Mitel 6970 Conference Unit versions through 5.1.1 SP8 **Description** A buffer overflow attack can be conducted by an authenticated attacker due to insufficient bounds checking and input sanitization. This could allow an attacker to gain access to sensitive information, modify system configuration, or execute arbitrary commands within the context of the system. The issue is related to a buffer overflow in memory, which can be exploited by sending specially crafted network requests. **Recommendations** For Mitel 6800 Series and 6900 Series SIP Phones versions through 6.3 SP3 HF4, update to a version later than 6.3 SP3 HF4 to resolve the issue. For Mitel 6900w Series SIP Phone versions through 6.3.3, update to a version later than 6.3.3 to resolve the issue. For Mitel 6970 Conference Unit versions through 5.1.1 SP8, update to a version later than 5.1.1 SP8 to resolve the issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mitel 6800 Series versions through 6.3 SP3 HF4 Mitel 6900 Series versions through 6.3 SP3 HF4 Mitel 6900w Series SIP Phone versions through 6.3.3 Mitel 6970 Conference Unit versions through 5.1.1 SP8 **Description** The issue is related to insufficient protection of service data, allowing an unauthenticated attacker to conduct an unauthorized access attack due to improper access control. A successful exploit could allow an attacker to gain unauthorized access to user information or the system configuration. **Recommendations** For Mitel 6800 Series versions through 6.3 SP3 HF4, update to a version later than 6.3 SP3 HF4 to resolve the issue. For Mitel 6900 Series versions through 6.3 SP3 HF4, update to a version later than 6.3 SP3 HF4 to resolve the issue. For Mitel 6900w Series SIP Phone versions through 6.3.3, update to a version later than 6.3.3 to resolve the issue. For Mitel 6970 Conference Unit versions through 5.1.1 SP8, update to a version later than 5.1.1 SP8 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mitel 6800 Series and 6900 Series SIP Phones versions through 6.3 SP3 HF4 Mitel 6900w Series SIP Phone versions through 6.3.3 Mitel 6970 Conference Unit versions through 5.1.1 SP8 **Description** A vulnerability allows an authenticated attacker with administrative privilege to conduct an argument injection attack due to insufficient parameter sanitization. This could allow an attacker to access sensitive information, modify system configuration, or execute arbitrary commands. **Recommendations** For Mitel 6800 Series and 6900 Series SIP Phones versions through 6.3 SP3 HF4, update to a version later than 6.3 SP3 HF4 to resolve the issue. For Mitel 6900w Series SIP Phone versions through 6.3.3, update to a version later than 6.3.3 to resolve the issue. For Mitel 6970 Conference Unit versions through 5.1.1 SP8, update to a version later than 5.1.1 SP8 to resolve the issue. As a temporary workaround, consider restricting access to administrative privileges to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mitel 6800 Series versions through 6.3 SP3 HF4 Mitel 6900 Series versions through 6.3 SP3 HF4 Mitel 6900w Series versions through 6.3.3 Mitel 6970 Conference Unit versions through 5.1.1 SP8 **Description** The issue is related to insufficient input validation, allowing an authenticated attacker with administrative privilege to conduct a path traversal attack. This could enable the attacker to access sensitive information by sending a specially crafted HTTP request. **Recommendations** For Mitel 6800 Series versions through 6.3 SP3 HF4, update to a version later than 6.3 SP3 HF4 to resolve the issue. For Mitel 6900 Series versions through 6.3 SP3 HF4, update to a version later than 6.3 SP3 HF4 to resolve the issue. For Mitel 6900w Series versions through 6.3.3, update to a version later than 6.3.3 to resolve the issue. For Mitel 6970 Conference Unit versions through 5.1.1 SP8, update to a version later than 5.1.1 SP8 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable HTTP endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Mitel 6800 Series versions through 6.3 SP3 HF4 Mitel 6900 Series versions through 6.3 SP3 HF4 Mitel 6900w Series versions through 6.3.3 Mitel 6970 Conference Unit versions through 5.1.1 SP8 **Description** The issue is related to an authentication bypass attack due to improper authentication control. This could allow an unauthenticated attacker to modify system configuration settings and potentially cause a denial of service. **Recommendations** For Mitel 6800 Series versions through 6.3 SP3 HF4, update to a version later than 6.3 SP3 HF4 to resolve the issue. For Mitel 6900 Series versions through 6.3 SP3 HF4, update to a version later than 6.3 SP3 HF4 to resolve the issue. For Mitel 6900w Series versions through 6.3.3, update to a version later than 6.3.3 to resolve the issue. For Mitel 6970 Conference Unit versions through 5.1.1 SP8, update to a version later than 5.1.1 SP8 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** F-Secure Policy Manager versions prior to 2022-08-10 WithSecure versions prior to 2022-08-10 **Description** The issue allows unauthenticated users to perform an arbitrary file write, enabling them to write files with arbitrary contents in various locations on the server. This can lead to a denial of service. **Recommendations** For F-Secure Policy Manager versions prior to 2022-08-10, update to a version released after 2022-08-10 to resolve the issue. For WithSecure versions prior to 2022-08-10, update to a version released after 2022-08-10 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WithSecure versions prior to 2022-08-10 **Description** The issue is related to reflected cross-site scripting (XSS) vulnerabilities due to an unvalidated parameter in an endpoint, allowing remote attackers to provide malicious input. This affects the F-Secure Policy Manager. **Recommendations** For versions prior to 2022-08-10, consider restricting access to the vulnerable endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the unvalidated parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Play Framework versions 2.6.0 through 2.8.1 **Description** The issue allows the CSRF filter to be bypassed by making CORS simple requests with content types that contain parameters that cannot be parsed. **Recommendations** For Play Framework versions 2.6.0 through 2.8.1, consider updating the CSRF filter configuration to handle unparseable content type parameters or restrict access to the affected CORS endpoints until a patch is available.