Maurizio Gatti

**Name of the Vulnerable Software and Affected Versions** AVEVA Historian Server (affected versions not specified) **Description** The issue is related to the lack of protection against malicious SQL commands. If exploited, it could allow a remote attacker to execute arbitrary code under the privileges of an interactive Historian REST Interface user, provided the user opens a specially crafted URL. This could potentially be achieved through social engineering tactics. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Integrated Lights Out Manager (ILOM) versions 3 through 5 **Description** The issue is related to insufficient input validation in the System Management component of Oracle Integrated Lights Out Manager (ILOM). This easily exploitable vulnerability allows a high-privileged attacker with network access via ICMP to compromise ILOM, potentially impacting additional products. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized update, insert, or delete access to some of ILOM's accessible data, as well as unauthorized read access to a subset of ILOM's accessible data. **Recommendations** For versions 3 through 5, consider restricting access to the System Management component until a patch is available. As a temporary workaround, consider disabling remote access via ICMP to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.