Marcos Díaz Castiñeiras

**Name of the Vulnerable Software and Affected Versions** Oracle Hospitality OPERA 5 versions 5.6.19.19, 5.6.25.8, 5.6.26.4 **Description** The issue is related to insufficient input validation in the Opera Servlet component, allowing an unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks can result in takeover of the application. While the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products. **Recommendations** For version 5.6.19.19, update to a version that fixes the issue. For version 5.6.25.8, update to a version that fixes the issue. For version 5.6.26.4, update to a version that fixes the issue. As a temporary workaround, consider restricting access to the Opera Servlet component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WatchGuard EPDR version 8.0.21.0002 **Description** An issue was discovered in WatchGuard EPDR, where it is possible to bypass the defensive capabilities by adding a registry key as SYSTEM. **Recommendations** For WatchGuard EPDR version 8.0.21.0002, consider restricting system-level access to prevent the addition of malicious registry keys as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WatchGuard EPDR version 8.0.21.0002 **Description** An issue was discovered that allows enabling or disabling defensive capabilities by sending a crafted message to a named pipe. **Recommendations** For WatchGuard EPDR version 8.0.21.0002, as a temporary workaround, consider restricting access to the named pipe until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WatchGuard EPDR version 8.0.21.0002 **Description** An issue was discovered due to a weak implementation of a password check, making it possible to obtain credentials to access the management console as a non-privileged user. **Recommendations** For WatchGuard EPDR version 8.0.21.0002, consider restricting access to the management console until a fix is available. As a temporary workaround, limit the privileges of non-privileged users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WatchGuard EPDR version 8.0.21.0002 **Description** The issue is related to insufficient access control in the Protection Agent component of WatchGuard Endpoint Protection, Detection and Response (EPDR) and Panda Adaptive Defense 360 (Panda AD360). Exploitation of this issue can allow an attacker to elevate privileges by sending specially crafted messages to a named pipe. This can lead to Local Privilege Escalation on Windows. **Recommendations** For WatchGuard EPDR version 8.0.21.0002, consider restricting access to the named pipe to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable message handling functionality between WatchGuard EPDR processes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.