Lucas Fedyniak-Hopes

**Name of the Vulnerable Software and Affected Versions** Splunk App for Stream versions prior to 8.1.1 **Description** A low-privileged user could use a vulnerability in the `streamfwd` process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user. **Recommendations** For versions prior to 8.1.1, update to version 8.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `streamfwd` process to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Avaya Session Border Controller for Enterprise versions 7.x through 8.1.1.x Description: A command injection issue could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Recommendations: For Avaya Session Border Controller for Enterprise versions 7.x through 8.1.1.x, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Avaya Aura Orchestration Designer versions prior to 7.2.3 Description: An XML External Entities (XXE) issue in the web-based user interface could allow an authenticated, remote attacker to gain read access to information stored on an affected system. Recommendations: For versions prior to 7.2.3, update to version 7.2.3 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Callback Assist versions 4.0.x before 4.7.1.1 Patch 7 Description: An XML External Entities (XXE) issue could allow an authenticated, remote attacker to gain read access to information stored on an affected system. Recommendations: For versions 4.0.x before 4.7.1.1 Patch 7, update to version 4.7.1.1 Patch 7 or later to resolve the issue.