Maxime Escourbiac

**Name of the Vulnerable Software and Affected Versions** ingress-nginx versions prior to v1.13.7 ingress-nginx versions 1.14.0 through 1.14.2 **Description** The `rules.http.paths.path` Ingress field in ingress-nginx can be exploited to inject configuration into nginx. This can result in arbitrary code execution within the ingress-nginx controller's context and potential disclosure of Secrets accessible to the controller. In a default installation, the controller has access to all Secrets cluster-wide. The vulnerability lies in the improper handling of the `rules.http.paths.path` parameter, allowing malicious configuration to be injected. **Recommendations** Upgrade ingress-nginx to version 1.13.7 or later. Upgrade ingress-nginx to a version greater than 1.14.2.

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite versions 12.2.3 through 12.2.15 **Description** A security issue exists within the Java utils component of the Oracle Applications DBA product. A high-privileged attacker with network access via HTTP can compromise the system. Successful exploitation may lead to unauthorized data manipulation, deletion, or creation, and potentially complete access to all Oracle Applications DBA accessible data. **Recommendations** Versions prior to 12.2.3 and versions after 12.2.15 are not affected. Update to a version later than 12.2.15.

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite versions 12.2.3 through 12.2.15 **Description** An easily exploitable issue exists in the Oracle Workflow product of Oracle E-Business Suite, specifically within the Workflow Loader component. A high-privileged attacker with network access via HTTP can compromise Oracle Workflow. Successful exploitation may lead to unauthorized access to critical data or complete access to all Oracle Workflow accessible data. **Recommendations** Versions prior to 12.2.3 and after 12.2.15 are not affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: (affected versions not specified) Description: The vulnerability, if exploited, could allow an authenticated attacker with privileges to access publication targets to retrieve sensitive information that could then be used to gain additional access to downstream resources. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: (affected versions not specified) Description: The vulnerability could allow an authenticated attacker with privileges to create or access publication targets of type Text File or HDFS to upload and persist files that could potentially be executed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks GlobalProtect app versions prior to 6.2.7-h3 Palo Alto Networks GlobalProtect app versions prior to 6.2.8 Palo Alto Networks GlobalProtect app version 6.3.0 Description: A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITYSYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit. Recommendations: For versions prior to 6.2.7-h3, update to version 6.2.7-h3 or later. For versions prior to 6.2.8, update to version 6.2.8 or later. For version 6.3.0, consider disabling the vulnerable privilege management mechanism until a patch is available.

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks GlobalProtect app on Windows (affected versions not specified) Description: A remote attacker can run ActiveX controls within the context of an authenticated Windows user, enabling them to run commands as if they are a legitimate authenticated user. This issue can be exploited when the authenticated user navigates to a malicious page during the GlobalProtect SAML login process on a Windows device. Recommendations: As a temporary workaround, consider disabling the use of ActiveX controls within the GlobalProtect app on Windows until a patch is available. Restrict access to malicious web pages to minimize the risk of exploitation during the GlobalProtect SAML login process.

Name of the Vulnerable Software and Affected Versions: GlobalProtect App on Windows devices (affected versions not specified) Description: The issue is related to a reliance on untrusted input for a security decision in the GlobalProtect app, potentially allowing a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITYSYSTEM. The GlobalProtect app on macOS, Linux, iOS, Android, Chrome OS, and the GlobalProtect UWP App are not affected. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PAN-OS (affected versions not specified) **Description** An unauthenticated file deletion issue in the management web interface of PAN-OS allows an attacker with network access to delete certain files, including limited logs and configuration files, but not system files, as the "nobody" user. The risk can be greatly reduced by restricting access to the management web interface to only trusted internal IP addresses. This issue does not affect Cloud NGFW or Prisma Access software. **Recommendations** Restrict access to the management web interface to only trusted internal IP addresses according to recommended best practices deployment guidelines. As a temporary workaround, consider restricting access to the management web interface until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Aria Operations for Logs (affected versions not specified) **Description** The issue is related to a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script, potentially leading to arbitrary operations as an admin user. This could allow a remote attacker to perform certain operations in the context of an administrator user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Aria Operations for Logs (affected versions not specified) **Description** The issue concerns an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Aria Operations for Logs (affected versions not specified) **Description** The issue is related to insecure privilege management in VMware Aria Operations for Logs, allowing a malicious actor with non-administrative privileges and network access to the Aria Operations for Logs API to perform certain operations in the context of an admin user. This is a result of a privilege escalation issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Aria Operation for Logs (affected versions not specified) **Description** The issue is related to a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration. This could allow a remote attacker to inject and execute arbitrary code in the user's browser within the context of the vulnerable web site. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Aria Operations (affected versions not specified) **Description** The issue is related to an information disclosure vulnerability in VMware Aria Operations. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known. The vulnerability is associated with a lack of protection for service data, which could allow a remote attacker to disclose protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: VMware Aria Operations (affected versions not specified) Description: The issue is related to a stored cross-site scripting vulnerability in VMware Aria Operations. A malicious actor with editing access to views may be able to inject malicious script, leading to stored cross-site scripting in the product. This could allow a remote attacker to perform cross-site scripting attacks. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: VMware Aria Operations (affected versions not specified) Description: The issue is related to a stored cross-site scripting vulnerability in VMware Aria Operations. A malicious actor with editing access to email templates could inject malicious script, leading to stored cross-site scripting in the product. This could allow a remote attacker to perform cross-site scripting attacks. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Webex App (affected versions not specified) Description: A vulnerability in the media retrieval functionality could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This issue is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks GlobalProtect (affected versions not specified) **Description** The issue is related to an insufficient certification validation in the GlobalProtect app, allowing attackers to connect the app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. Over 1.4 million results are found to be potentially affected. The vulnerability can be exploited to achieve remote code execution and privilege escalation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. However, it is recommended to update to version 6.2.6 and make the required registry changes, including setting "cert-store" to "machine", "cert-location" to "ROOT", and "full-chain-cert-verify" to "yes". Additionally, ensure the full cert chain is installed in the root cert directory. If issues persist, consider temporarily disabling the vulnerable component or restricting access to the affected API endpoints until a patch is available. Note that using an ECC cert with GP 6.2.6 in FIPS-CC mode may result in "Non compliant FIPS-CC mode certificate" errors. As a workaround, using a GoDaddy or ssl dot com cert may resolve OCSP/CRL issues.

**Name of the Vulnerable Software and Affected Versions** IBM DataPower Gateway versions 10.0.1, 2018.4.1, and V10CD **Description** The issue allows an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts due to a cross-site request forgery vulnerability. **Recommendations** For IBM DataPower Gateway version 10.0.1, update to a version that includes a fix for this issue. For IBM DataPower Gateway version 2018.4.1, update to a version that includes a fix for this issue. For IBM DataPower Gateway version V10CD, update to a version that includes a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBM DataPower Gateway versions 10.0.1.0 through 10.0.1.8 IBM DataPower Gateway versions 10.0.2.0 through 10.0.4.0 IBM DataPower Gateway version 10.5.0.0 IBM DataPower Gateway versions 2018.4.1.0 through 2018.4.1.21 **Description** This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. **Recommendations** For versions 10.0.1.0 through 10.0.1.8, update to a fixed version to resolve the issue. For versions 10.0.2.0 through 10.0.4.0, update to a fixed version to resolve the issue. For version 10.5.0.0, update to a fixed version to resolve the issue. For versions 2018.4.1.0 through 2018.4.1.21, update to a fixed version to resolve the issue. As a temporary workaround, consider restricting access to the Web UI to minimize the risk of exploitation.