Michele Romano

Rank: #21321 of 53,632
Total CVSS: 11.5
Vulnerabilities: 2 (Medium: 2)

PT-2020-18219 · CVSS 6.1 · 2020-09-21
IBM · IBM Aspera Web Application · CVE-2020-4731

**Name of the Vulnerable Software and Affected Versions**
IBM Aspera Web Application version 1.9.14 PL1

**Description**
The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

**Recommendations**
For IBM Aspera Web Application version 1.9.14 PL1, update to a version that addresses this issue to prevent cross-site scripting attacks.

PT-2020-15312 · CVSS 5.4 · 2020-01-29
Jenkins · Jenkins · CVE-2020-2105

**Name of the Vulnerable Software and Affected Versions**
Jenkins versions 2.218 and earlier
Jenkins LTS versions 2.204.1 and earlier

**Description**
The issue allows for clickjacking attacks due to the absence of the `X-Frame-Options: deny` HTTP header in REST API responses. An attacker could exploit this by tricking a user into performing an action on a specially crafted web page that embeds a REST API endpoint in an iframe, potentially allowing the attacker to learn the content of that endpoint.

**Recommendations**
For Jenkins versions 2.218 and earlier, update to version 2.219 or later.
For Jenkins LTS versions 2.204.1 and earlier, update to version 2.204.2 or later.