Konrad Kowal Karp

**Name of the Vulnerable Software and Affected Versions** Haivision's Aviwest Manager and Aviwest Steamhub (affected versions not specified) **Description** This issue allows an attacker to enumerate internal network configuration without the need for credentials. An attacker could compromise an internal server and retrieve requests sent by other users. The vulnerability could be exploited to gain unauthorized access to internal network information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** C21 Live Encoder and Live Mosaic version 5.3 **Description** The issue is related to inadequate access control, allowing a remote attacker to access the application as an administrator user due to lack of proper credential management. This can be done through the application endpoint. **Recommendations** For version 5.3, consider restricting access to the application endpoint as a temporary workaround until a patch is available. Additionally, review and improve credential management to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** C21 Live Encoder and Live Mosaic product version 5.3 **Description** The issue allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise. This is due to an unrestricted upload of dangerous file types. **Recommendations** For version 5.3, consider restricting or disabling file upload functionality until a patch is available to prevent remote attackers from uploading malicious files. As a temporary workaround, restrict access to the file upload feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.