Maksym Brzęczek

#11519of 53,635
23.9Total CVSS
Vulnerabilities · 3
Medium
1
High
1
Critical
1
PT-2025-7455
8.7
2025-02-21
Unknown · Wyn Enterprise · CVE-2024-9150
**Name of the Vulnerable Software and Affected Versions** Wyn Enterprise versions prior to 8.0.00204.0 **Description** The report generation functionality in Wyn Enterprise allows for code inclusion but does not sufficiently limit what code might be included. An attacker can use a low-privileges account to abuse this functionality, execute malicious code, load DLL libraries, and execute OS commands on a host system with applications' high privileges. **Recommendations** For versions prior to 8.0.00204.0, update to version 8.0.00204.0 to fix the issue. As a temporary workaround, consider restricting access to the report generation functionality to minimize the risk of exploitation.
PT-2024-26036
5.4
2024-05-13
Ant Media Server · Ant Media Server Community Edition · CVE-2024-3462
**Name of the Vulnerable Software and Affected Versions** Ant Media Server Community Edition versions prior to 2.9.0 **Description** The issue is related to an improper HTTP header based authorization, allowing the use of non-administrative API calls reserved for authorized users. **Recommendations** For versions prior to 2.9.0, consider restricting access to API endpoints until a patch is available. As a temporary workaround, review and limit the use of HTTP headers to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-29853
9.8
2023-11-09
Apereo · Apereo Cas · CVE-2023-4612
**Name of the Vulnerable Software and Affected Versions** Apereo CAS versions through 7.0.0-RC7 **Description** The issue is related to an Improper Authentication vulnerability in the jakarta.servlet.http.HttpServletRequest.getRemoteAddr method, which allows Multi-Factor Authentication bypass. There is no patch available for this issue, and the vendor does not consider it a vulnerability. **Recommendations** For Apereo CAS versions through 7.0.0-RC7, as a temporary workaround, consider restricting access to the `jakarta.servlet.http.HttpServletRequest.getRemoteAddr` method until a patch is available or the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.