Mal

Name of the Vulnerable Software and Affected Versions: PAN-OS (affected versions not specified) Description: An improper input neutralization issue in the management web interface of the Palo Alto Networks PAN-OS software allows a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. Restricting access to the management web interface to only trusted internal IP addresses can reduce the risk of this issue. This issue does not affect Cloud NGFW and all Prisma Access instances. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the management web interface to only trusted internal IP addresses according to the recommended critical deployment guidelines.

**Name of the Vulnerable Software and Affected Versions** Apache OFBiz (affected versions not specified) **Description** The issue is related to a Server-Side Template Injection affecting the ecommerce plugin, which could lead to possible Remote Code Execution (RCE). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PAN-OS (affected versions not specified) Description: The issue is related to an improper neutralization of matching symbols in the command line interface (CLI) of PAN-OS, which allows authenticated administrators, including those with read-only access, to read arbitrary files on the firewall. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Superset versions prior to 3.1.3 Apache Superset version 4.0.0 **Description** The issue is related to improper input validation in Apache Superset, allowing an authenticated attacker to create a MariaDB connection with local infile enabled. If both the MariaDB server and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that can read files from the server and insert their content into a MariaDB database table. **Recommendations** For Apache Superset versions prior to 3.1.3, upgrade to version 3.1.3 to fix the issue. For Apache Superset version 4.0.0, upgrade to version 4.0.1 to fix the issue. As a temporary workaround, consider disabling the local infile option in the MariaDB connection to minimize the risk of exploitation. Restrict access to the MariaDB database table to prevent unauthorized data insertion. Avoid using the local mysql client on the web server to connect to the MariaDB server until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** VMware vCenter Server (affected versions not specified) **Description** The vCenter Server contains multiple local privilege escalation issues due to a misconfiguration of `sudo`. An authenticated local user with non-administrative privileges may be able to exploit these issues to elevate privileges to root on the vCenter Server Appliance. A proof-of-concept exploit has been published and is available online. Approximately 40,000 systems are potentially affected. The root cause of the issue is a misconfiguration in the `/etc/sudoers` file, which allows for the preservation of dangerous environment variables during `sudo` command execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: VMware vCenter Server (affected versions not specified) Description: The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system. A proof-of-concept (PoC) exploit has been released for this vulnerability, potentially allowing authenticated remote code execution. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: vCenter Server (affected versions not specified) Description: The issue is related to insufficient protection of internal data in the vCenter Server, which may allow a remote attacker to disclose sensitive information. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache ActiveMQ Artemis versions prior to 2.29.0 **Description** The issue is related to the exposure of diagnostic information and controls through MBeans, which are also accessible through the authenticated Jolokia endpoint. This includes the Log4J2 MBean, which is not intended for non-administrative users. An authenticated attacker could exploit this to write arbitrary files to the filesystem, potentially leading to remote code execution. **Recommendations** For Apache ActiveMQ Artemis versions prior to 2.29.0, upgrade to version 2.29.0 or later to fix the issue. As a temporary workaround, consider restricting access to the Jolokia endpoint and MBeans to minimize the risk of exploitation. Avoid using the Log4J2 MBean for non-administrative purposes until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Apache NiFi versions 1.21.0 through 1.23.0 **Description** The issue is related to insufficient comparison in the Apache NiFi data processing platform. An authenticated and authorized user can bypass connection URL validation using custom input formatting, potentially allowing a remote attacker to gain unauthorized access to protected information. The vulnerability affects several Processors and Controller Services that support JDBC and JNDI JMS access. **Recommendations** For Apache NiFi versions 1.21.0 through 1.23.0, upgrade to Apache NiFi 1.23.1 to enhance connection URL validation and introduce validation for additional related properties.

**Name of the Vulnerable Software and Affected Versions** Unica Platform (affected versions not specified) **Description** A Persistent Cross-site Scripting (XSS) issue can be carried out on certain pages, allowing an attacker to hijack a user's session and perform other attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Unica (affected versions not specified) **Description** The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Unica Campaign (affected versions not specified) **Description** A Persistent XSS issue can be exploited in a certain field, allowing an attacker to hijack a user's session and perform other attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Unica Platform (affected versions not specified) **Description** A Persistent Cross-site Scripting (XSS) issue can be exploited in a certain field of the Unica Platform, allowing an attacker to hijack a user's session and perform other attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache NiFi versions 1.8.0 through 1.21.0 **Description** The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location. The resolution validates the JNDI URL and restricts locations to a set of allowed schemes. **Recommendations** Upgrade to version 1.22.0 or later, which fixes this issue.

**Name of the Vulnerable Software and Affected Versions** Apache NiFi versions 0.0.2 through 1.21.0 **Description** The issue in Apache NiFi is related to the DBCPConnectionPool and HikariCPConnectionPool Controller Services, which allow an authenticated and authorized user to configure a Database URL with the H2 driver, enabling custom code execution. This can be exploited by a remote attacker to execute arbitrary code. Thousands of organizations are impacted by this issue. The resolution involves validating the Database URL and rejecting H2 JDBC locations. **Recommendations** For Apache NiFi versions 0.0.2 through 1.21.0, upgrade to version 1.22.0 or later, which fixes this issue. As a temporary workaround, consider restricting the use of the H2 driver in the Database URL configuration to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache James server versions 3.7.3 and earlier **Description** The issue allows privilege escalation by a malicious local user due to the JMX management service being provided without authentication by default. Administrators are advised to take mitigation measures. **Recommendations** For Apache James server versions 3.7.3 and earlier, disable JMX or set up a JMX password to mitigate the issue. For users upgrading to version 3.7.4 or later, no action is required as a JMX password will be set up automatically for Guice users.

**Name of the Vulnerable Software and Affected Versions** Dell EMC SCG Policy Manager versions 5.10 through 5.12 **Description** The issue is related to the use of a hard-coded cryptographic key in the Policy Manager software of Dell Secure Connect Gateway (SCG). An attacker with knowledge of the hard-coded sensitive information could potentially exploit this to login to the system and gain LDAP user privileges. **Recommendations** For versions 5.10 through 5.12, consider disabling access to sensitive areas of the system until a patch is available to prevent potential privilege escalation. As a temporary workaround, restrict access to the system to minimize the risk of exploitation until the issue is resolved. Avoid using the system for sensitive operations until the hard-coded cryptographic key vulnerability is fixed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell EMC SCG Policy Manager versions 5.10 through 5.12 **Description** The issue is related to a Hard-coded Cryptographic Key, which could allow an attacker with knowledge of the hard-coded sensitive information to potentially exploit this vulnerability and gain admin privileges by logging into the system. An attacker could exploit this to elevate their privileges. **Recommendations** For Dell EMC SCG Policy Manager versions 5.10 through 5.12, consider restricting access to sensitive areas of the system until a fix is available, and avoid using the hard-coded cryptographic key in any authentication processes. As a temporary workaround, consider disabling any features that rely on the hard-coded key to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dell EMC SCG Policy Manager versions 5.10 through 5.12 **Description** The issue is related to a hard-coded password vulnerability. An attacker with knowledge of the hard-coded credentials could exploit this to login to the system and gain admin privileges. The vulnerability is also associated with the use of a hard-coded cryptographic key, which could allow an attacker to elevate their privileges. **Recommendations** For versions 5.10 through 5.12, consider disabling the use of hard-coded credentials as a temporary workaround until a patch is available. Restrict access to the system to minimize the risk of exploitation. Avoid using the hard-coded cryptographic key in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Crafter Studio of Crafter CMS (affected versions not specified) **Description** The issue is related to an Improper Control of Dynamically-Managed Code Resources vulnerability. This vulnerability allows authenticated developers to execute OS commands via a Groovy Sandbox Bypass. It may enable a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.