Mehmet D. Ince

**Name of the Vulnerable Software and Affected Versions** Logpoint versions prior to 7.5.0 **Description** An issue was discovered in Logpoint where authenticated users can inject payloads in Report Templates. These payloads are executed when the backup process is initiated, leading to Remote Code Execution. **Recommendations** For versions prior to 7.5.0, update to version 7.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Report Templates feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Logpoint versions prior to 7.5.0 **Description** The issue allows authenticated users to inject payloads while querying the Search Template Dashboard. These payloads are executed, leading to Server-Side Template Injection. **Recommendations** For versions prior to 7.5.0, update to version 7.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Search Template Dashboard to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Logpoint UniversalNormalizer versions prior to 5.7.0 **Description** An issue was discovered in Logpoint UniversalNormalizer where authenticated users can inject payloads while creating Universal Normalizer, leading to Remote Code Execution. **Recommendations** For versions prior to 5.7.0, update to version 5.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Universal Normalizer creation feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Logpoint versions prior to 7.5.0 **Description** A problem was discovered in Logpoint where authenticated users can inject payloads while creating the Search Template Dashboard. These payloads are executed, leading to Server-Side Template Injection. **Recommendations** For versions prior to 7.5.0, update to version 7.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Search Template Dashboard feature until a patch is applied. Avoid allowing users to inject custom payloads when creating dashboards to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Logpoint versions prior to 7.5.0 **Description** An issue was discovered in Logpoint where unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code execution. The issue is related to improper authentication in the EventHub Collector Setup. **Recommendations** For versions prior to 7.5.0, upgrade the affected component to version 7.5.0 or later to mitigate the risk. As a temporary workaround, consider restricting access to the EventHub Collector setup to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Logpoint versions prior to 7.5.0 **Description** An issue was discovered in Logpoint where endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins, resulting in unauthorized access. **Recommendations** For versions prior to 7.5.0, update to version 7.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the endpoints for creating, editing, or deleting third-party authentication modules to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Logpoint versions prior to 7.5.0 **Description** An issue was discovered in Logpoint where an endpoint used by Distributed Logpoint Setup was exposed. This exposure allows unauthenticated attackers to bypass CSRF protections and authentication. **Recommendations** For versions prior to 7.5.0, update to version 7.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Distributed Logpoint Setup endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Logpoint versions prior to 7.5.0 **Description** An issue in Logpoint allows Server-Side Request Forgery (SSRF) on SOAR, which can be used to leak Logpoint's API Token, leading to authentication bypass. **Recommendations** For versions prior to 7.5.0, update to version 7.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the SOAR component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Logpoint versions prior to 7.5.0 **Description** An issue was discovered in Logpoint where SOAR uses a static JWT secret key to generate tokens, allowing access to SOAR API endpoints without authentication. This enables attackers to create custom JWT secret keys for unauthorized access to these endpoints. **Recommendations** For versions prior to 7.5.0, update to version 7.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the SOAR API endpoints until a patch is available. Avoid using static JWT secret keys in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WECON LeviStudioU versions prior to Release Build 2019-09-21 **Description** A heap-based buffer overflow issue exists when processing project files. Opening a specially crafted project file could allow an attacker to execute code under the privileges of the application. **Recommendations** For versions prior to Release Build 2019-09-21, consider avoiding the use of project files from untrusted sources until a fix is available. As a temporary workaround, restrict access to project file processing to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** LeviStudioU versions 2019-09-21 and prior **Description** Multiple buffer overflow vulnerabilities exist when the application processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application. **Recommendations** For versions 2019-09-21 and prior, consider avoiding the use of project files from untrusted sources until a patch is available. As a temporary workaround, restrict the processing of project files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.