Micheal Reski

**Name of the Vulnerable Software and Affected Versions** Infor SyteLine ERP (affected versions not specified) **Description** The software utilizes hard-coded, static cryptographic keys for encrypting stored credentials, including user passwords, database connection strings, and API keys. These encryption keys are consistent across all installations. An attacker gaining access to the application binary and database can decrypt all stored credentials. This impacts all installations of the software, as the keys are universal. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MobaXterm versions prior to 8.3 **Description** The default configuration of the server in MobaXterm has a disabled Access Control setting, which does not require authentication for X11 connections. This allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets. **Recommendations** For versions prior to 8.3, enable the Access Control setting to require authentication for X11 connections.