Marcus Richerson

**Name of the Vulnerable Software and Affected Versions** Ecava IntegraXor versions prior to 5.0 build 4522 **Description** The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. **Recommendations** For versions prior to 5.0 build 4522, update to version 5.0 build 4522 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ecava IntegraXor versions prior to 5.0 build 4522 **Description** The issue allows remote attackers to bypass authentication and access unspecified web pages. **Recommendations** For versions prior to 5.0 build 4522, update to version 5.0 build 4522 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ecava IntegraXor versions prior to 5.0 build 4522 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. **Recommendations** For versions prior to 5.0 build 4522, update to version 5.0 build 4522 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ecava IntegraXor versions prior to 5.0 build 4522 **Description** The issue allows remote attackers to obtain sensitive cleartext information by sniffing the network, due to a problem with the HMI web server. **Recommendations** For versions prior to 5.0 build 4522, update to version 5.0 build 4522 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ecava IntegraXor versions prior to 5.0 build 4522 **Description** The issue makes it easier for remote attackers to obtain potentially sensitive information via script access to the session cookie, as the HTTPOnly flag is not included in the Set-Cookie header. **Recommendations** For versions prior to 5.0 build 4522, update to version 5.0 build 4522 or later to include the HTTPOnly flag in the Set-Cookie header for the session cookie.

**Name of the Vulnerable Software and Affected Versions** Ecava IntegraXor versions prior to 5.0 build 4522 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted URL. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For versions prior to 5.0 build 4522, update to version 5.0 build 4522 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ecava IntegraXor versions prior to 5.0 build 4522 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via unspecified vectors, potentially leading to remote code execution. **Recommendations** For versions prior to 5.0 build 4522, update to version 5.0 build 4522 or later to resolve the issue.