Marcus Chang

Name of the Vulnerable Software and Affected Versions: Unified PAM (affected versions not specified) Description: An authentication bypass allows unauthenticated attackers to control administrator backup functions. Successful exploitation can lead to the compromise of passwords, secrets, and application session tokens stored by the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: (affected versions not specified) Description: An unauthenticated unrestricted file upload vulnerability allows an attacker to upload malicious binaries and scripts to the server. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Unified PAM server (affected versions not specified) Description: A path traversal vulnerability exists in the unauthenticated upload functionality. This allows a malicious actor to upload binaries and scripts to the server’s configuration and web root directories, potentially leading to remote code execution. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.