Marius Schwarz

**Name of the Vulnerable Software and Affected Versions** konzept-ix publiXone versions prior to 2020.015 **Description** The issue allows attackers to download files by iterating over the `fileID` parameter in the IXCopy function. This could potentially lead to unauthorized access to sensitive information. **Recommendations** For versions prior to 2020.015, consider restricting access to the IXCopy function or limiting the iteration over the `fileID` parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** konzept-ix publiXone versions prior to 2020.015 **Description** The issue allows remote attackers to inject arbitrary JavaScript or HTML, which can be achieved via several endpoints, including "appletError.jsp", "job jacket detail.jsp", "ixedit/editor component.jsp", or the "login form". **Recommendations** For versions prior to 2020.015, update to version 2020.015 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected endpoints, such as "appletError.jsp", "job jacket detail.jsp", "ixedit/editor component.jsp", and the login form, until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** konzept-ix publiXone versions prior to 2020.015 **Description** The issue is related to a RemoteFunctions endpoint with missing access control, allowing attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact. **Recommendations** For versions prior to 2020.015, update to version 2020.015 or later to resolve the issue. As a temporary workaround, consider restricting access to the RemoteFunctions endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** konzept-ix publiXone versions prior to 2020.015 **Description** The issue allows attackers to take over arbitrary user accounts by crafting password-reset tokens. **Recommendations** For versions prior to 2020.015, update to version 2020.015 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** konzept-ix publiXone versions prior to 2020.015 **Description** The issue concerns a hardcoded AES key in the Java applet of the affected software. This hardcoded key allows attackers to craft password-reset tokens or decrypt server-side configuration files. **Recommendations** For versions prior to 2020.015, update to version 2020.015 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** COMPAREX Miss Marple Enterprise Edition versions prior to 2.0 **Description** The issue allows remote attackers to execute arbitrary code with SYSTEM privileges due to missing update validation in the Miss Marple Updater Service. **Recommendations** For versions prior to 2.0, update to version 2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** COMPAREX Miss Marple Enterprise Edition versions prior to 2.0 **Description** The issue allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file. **Recommendations** For versions prior to 2.0, update to version 2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Inventory Agent configuration file to minimize the risk of exploitation.