Marcelo Reyes

**Name of the Vulnerable Software and Affected Versions** 4D server (affected versions not specified) **Description** Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints. This allows for read access to files on the application server and adjacent network shares, as well as the ability to perform HTTP GET requests to arbitrary services. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lobster pro versions prior to 4.12.6-GA **Description** Unauthenticated attackers can exploit a weakness in the XML parser functionality. This allows for read access to files on the application server and adjacent network shares, as well as the ability to perform HTTP GET requests to arbitrary services. **Recommendations** Update to version 4.12.6-GA or later.

**Name of the Vulnerable Software and Affected Versions** Spryker Commerce OS version 1.4.2 **Description** The issue allows for Remote Command Execution. **Recommendations** For Spryker Commerce OS version 1.4.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.