
Michael Benich

Rank: #19405 of 53,632
Total CVSS: 13.6
Vulnerabilities · 2 (Medium: 1, High: 1)

PT-2017-17149 · CVSS 7.5 · 2017-03-20
Infor · Infor-Lawson · CVE-2017-6550

**Name of the Vulnerable Software and Affected Versions**
Infor-Lawson (formerly ESBUS); affected versions not specified

**Description**
The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved via the `TABLE` parameter to the "esbus/servlet/GetSQLData" endpoint or the `QUERY` parameter to the "KK LS9ReportingPortal/GetData" endpoint.

**Recommendations**
For all affected versions, consider restricting access to the "esbus/servlet/GetSQLData" and "KK LS9ReportingPortal/GetData" endpoints until a patch is available. As a temporary workaround, avoid using the `TABLE` and `QUERY` parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2017-17069 · CVSS 6.1 · 2017-03-15
Epson · Epson Tmnet Webconfig · CVE-2017-6443

**Name of the Vulnerable Software and Affected Versions**
EPSON TMNet WebConfig version 1.00

**Description**
A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the `W AD1` parameter to "Forms/oadmin 1".

**Recommendations**
For EPSON TMNet WebConfig version 1.00, avoid using the `W AD1` parameter in the "Forms/oadmin 1" endpoint until the issue is resolved.