Michelin Cert

**Name of the Vulnerable Software and Affected Versions** STER versions prior to 9.5 **Description** Improper neutralization of user input within multiple Search Filters allows an authenticated attacker to perform SQL injection. This can lead to the unauthorized viewing of sensitive information, including data belonging to other users or any other data accessible by the application. **Recommendations** Update to version 9.5.

**Name of the Vulnerable Software and Affected Versions** STER versions prior to 9.5 **Description** The software employs a weak password encoding algorithm, which enables an attacker to determine password values by analyzing the encoding patterns of known passwords. **Recommendations** Update to version 9.5.

**Name of the Vulnerable Software and Affected Versions** STER versions prior to 9.5 **Description** STER uses unencrypted TCP traffic to transmit data over the network. This allows an attacker to conduct a Man-In-The-Middle attack—a technique where an attacker intercepts communication between two parties—to obtain sensitive data such as passwords, personal data, or authentication tokens. **Recommendations** Update to version 9.5.