Nozomi · Nozomi Guardian · CVE-2023-6916
Name of the Vulnerable Software and Affected Versions:
Nozomi Guardian and Nozomi Central Management Console (CMC) (affected versions not specified)
OpenAPI (affected versions not specified)
Description:
The issue is related to insufficient protection of audit records for OpenAPI requests, which may include sensitive information. This could lead to unauthorized access and privilege escalation.
Recommendations:
For Nozomi Guardian and Nozomi Central Management Console (CMC), consider restricting access to audit records to minimize the risk of exploitation.
For OpenAPI, as a temporary workaround, consider disabling the logging of sensitive information in audit records until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.