Mehdi Elyassa

Researcher from Synacktiv
Rank #7736 of 53,635
Total CVSS: 35.5
Vulnerabilities: 4 (High: 2, Critical: 2)
PT-2024-6731 · CVSS 10 · 2024-05-21
Microsoft · Configuration Manager · CVE-2024-43468
**Name of the Vulnerable Software and Affected Versions**

- Microsoft Configuration Manager versions prior to 2403 (5.00.9128.1024)
- Microsoft Configuration Manager versions prior to 2309 (5.00.9122.1033)
- Microsoft Configuration Manager versions prior to 2303 (5.00.9106.1037)
- Microsoft Configuration Manager versions less than or equal to 2211

**Description**

Microsoft Configuration Manager (ConfigMgr/SCCM) contains a critical SQL injection vulnerability in the MP Location service. This flaw allows unauthenticated, remote attackers to execute arbitrary SQL queries with the highest privileges on the Microsoft Configuration Manager site database. Successful exploitation can lead to remote code execution on affected systems.

Proof-of-concept (PoC) code is publicly available. CISA has added this vulnerability (CVE-2024-43468) to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation.

The vulnerability stems from improper neutralization of user-supplied input, specifically a failure to protect the SQL query structure. Exploitation involves sending crafted HTTP requests to the ConfigMgr console services. Approximately 37,000+ services are estimated to be affected globally.

**Recommendations**

- Microsoft Configuration Manager versions prior to 2403 (5.00.9128.1024): Apply the relevant Microsoft hotfix or upgrade to a newer version.
- Microsoft Configuration Manager versions prior to 2309 (5.00.9122.1033): Apply the relevant Microsoft hotfix or upgrade to a newer version.
- Microsoft Configuration Manager versions prior to 2303 (5.00.9106.1037): Apply the relevant Microsoft hotfix or upgrade to a newer version.
- Microsoft Configuration Manager versions less than or equal to 2211: Apply the relevant Microsoft hotfix or upgrade to a newer version.
- Restrict exposure of ConfigMgr/SQL ports (80/443/1433) to trusted networks.
- Hunt for anomalous SQL activity and new administrative accounts.