Matteo Maiero

Name of the Vulnerable Software and Affected Versions: Eclipse Kura versions prior to 4.0.0 Description: The issue concerns a path traversal problem in get requests for a limited number of file types due to the SkinServlet not checking the path passed during servlet calls. Recommendations: For Eclipse Kura versions prior to 4.0.0, update to version 4.0.0 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Eclipse Kura versions up to 4.0.0 Description: The issue allows an attacker to discover the underlying Ui Web server version used by Eclipse Kura, which can be utilized to craft specific attacks against the web server. Recommendations: For Eclipse Kura versions up to 4.0.0, update to a version later than 4.0.0 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Eclipse Kura versions up to 4.0.0 Description: The issue is related to an improper factory and parser initialization, which could make certain components targets of an XXE attack. The affected components include the Web UI package and component services, the Artemis simple Mqtt component, and the emulator position service. Recommendations: For Eclipse Kura versions up to 4.0.0, update to a version later than 4.0.0 to resolve the issue.