Mikhail Klyuchnikov

**Name of the Vulnerable Software and Affected Versions** IPS Community Suite versions prior to 4.6.2 **Description** A Server-Side Request Forgery (SSRF) issue allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. In some cases, exploitation is possible by an unauthenticated user. The `gkey` parameter is an unfollow token and is involved in the vulnerability. **Recommendations** For IPS Community Suite versions prior to 4.6.2, update to version 4.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the phar protocol and dynamically generated class names to minimize the risk of exploitation. Avoid using the `gkey` parameter in sensitive operations until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Zimbra Collaboration (ZCS) versions 8.8.15 through 9.0 **Description** The issue concerns the mboximport functionality in Zimbra Collaboration, which allows an authenticated user with administrator rights to upload arbitrary files to the system, leading to directory traversal. This can be exploited by a remote attacker to upload arbitrary files. There are indicators showing that threat actors are using this issue to access user mailboxes and send scams. **Recommendations** For Zimbra Collaboration versions 8.8.15 through 9.0, apply the available patch to fix the authenticated remote code execution issue. As a temporary workaround, consider restricting access to the mboximport functionality until the patch is applied. Restrict administrator rights to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver (Visual Composer 7.0 RT) versions 7.30, 7.31, 7.40, 7.50 **Description** The issue is related to an unrestricted file upload vulnerability in the SAP NetWeaver platform, specifically in the Visual Composer 7.0 RT component. This vulnerability allows an attacker, authenticated as a non-administrative user, to upload a malicious file over a network and trigger its processing. The malicious file can run operating system commands with the privilege of the Java Server process, enabling the attacker to read or modify any information on the server or shut the server down, making it unavailable. **Recommendations** For SAP NetWeaver (Visual Composer 7.0 RT) versions 7.30, 7.31, 7.40, 7.50, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the file upload functionality to minimize the risk of exploitation. Restrict access to the Java Server process to prevent the execution of malicious commands.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Device Manager On-Box Software (affected versions not specified) **Description** The issue is related to the REST API of Cisco Firepower Device Manager On-Box Software, where insufficient sanitization of user input on specific REST API commands could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. An attacker could exploit this by sending a crafted HTTP request to the API subsystem. To exploit, an attacker would need valid low-privileged user credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.5.13 Atlassian Jira Server and Data Center versions 8.6.0 through 8.13.5 Atlassian Jira Server and Data Center versions 8.14.0 through 8.15.1 Description: The issue allows an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the "QueryComponentRendererValue!Default.jspa" endpoint. Recommendations: For versions prior to 8.5.13, update to version 8.5.13 or later. For versions 8.6.0 through 8.13.5, update to version 8.13.5 or later. For versions 8.14.0 through 8.15.1, update to version 8.15.1 or later. As a temporary workaround, consider restricting access to the "QueryComponentRendererValue!Default.jspa" endpoint until a patch is available.

Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2020.6.6441 Description: The issue concerns stored XSS that could be achieved through an issue attachment, allowing potential malicious activities. Recommendations: For versions prior to 2020.6.6441, update to version 2020.6.6441 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cisco HyperFlex HX Data Platform (affected versions not specified) **Description** A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This issue is due to missing authentication for the upload function. An attacker could exploit this by sending a specific HTTP request to an affected device, potentially allowing the upload of files with the permissions of the `tomcat8` user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco HyperFlex HX (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX, which could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. This is due to the failure to neutralize special elements used in operating system commands. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary commands in the target system with root privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco HyperFlex HX Data Platform (affected versions not specified) **Description** The issue is related to the web-based management interface of Cisco HyperFlex HX, where an unauthenticated, remote attacker could perform command injection attacks against an affected device. This could allow the execution of arbitrary commands in the target system with the privileges of the `tomcat8` user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware View Planner versions prior to 4.6 Security Patch 1 **Description** The issue is related to the lack of authorization and improper input validation in the logupload web application of VMware View Planner, allowing an unauthorized attacker with network access to upload and execute a specially crafted file, leading to remote code execution within the logupload container. This can be exploited by an attacker to execute arbitrary code. **Recommendations** For versions prior to 4.6 Security Patch 1, apply the 4.6 Security Patch 1 to resolve the issue. As a temporary workaround, consider restricting access to the logupload web application to minimize the risk of exploitation. Avoid using the logupload feature until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** VMware vCenter Server versions 6.5 before 6.5 U3n VMware vCenter Server versions 6.7 before 6.7 U3l VMware vCenter Server versions 7.x before 7.0 U1c VMware Cloud Foundation versions 3.x before 3.10.1.2 VMware Cloud Foundation versions 4.x before 4.2 **Description** The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This vulnerability is related to insufficient input validation. **Recommendations** For VMware vCenter Server version 6.5, update to version 6.5 U3n or later. For VMware vCenter Server version 6.7, update to version 6.7 U3l or later. For VMware vCenter Server version 7.x, update to version 7.0 U1c or later. For VMware Cloud Foundation version 3.x, update to version 3.10.1.2 or later. For VMware Cloud Foundation version 4.x, update to version 4.2 or later. As a temporary workaround, consider restricting access to the vSphere Client (HTML5) until a patch is available.

**Name of the Vulnerable Software and Affected Versions** VMware vCenter Server versions 7.x before 7.0 U1c VMware vCenter Server versions 6.7 before 6.7 U3l VMware vCenter Server versions 6.5 before 6.5 U3n VMware Cloud Foundation versions 4.x before 4.2 VMware Cloud Foundation versions 3.x before 3.10.1.2 **Description** The vSphere Client contains a Server Side Request Forgery (SSRF) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to the vCenter Server plugin, leading to information disclosure. **Recommendations** For VMware vCenter Server versions 7.x before 7.0 U1c, update to version 7.0 U1c or later. For VMware vCenter Server versions 6.7 before 6.7 U3l, update to version 6.7 U3l or later. For VMware vCenter Server versions 6.5 before 6.5 U3n, update to version 6.5 U3n or later. For VMware Cloud Foundation versions 4.x before 4.2, update to version 4.2 or later. For VMware Cloud Foundation versions 3.x before 3.10.1.2, update to version 3.10.1.2 or later. As a temporary workaround, consider restricting access to the vCenter Server plugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar SIEM versions 7.3.0 through 7.3.3 Patch 5 IBM QRadar SIEM versions 7.4.0 through 7.4.1 Patch 1 IBM QRadar SIEM versions 7.4.2 GA through 7.4.2 Patch 1 **Description** The issue is related to insufficient server-side request validation in IBM QRadar SIEM, which can be exploited by a remote attacker to send unauthorized requests and potentially disclose protected information. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. The vulnerability can be used to forge requests on the server side of QRadar, which can at least allow for the collection of data about the infrastructure/network where this software is running. **Recommendations** For IBM QRadar SIEM versions 7.3.0 through 7.3.3 Patch 5, update to a version later than 7.3.3 Patch 5. For IBM QRadar SIEM versions 7.4.0 through 7.4.1 Patch 1, update to a version later than 7.4.1 Patch 1. For IBM QRadar SIEM versions 7.4.2 GA through 7.4.2 Patch 1, update to a version later than 7.4.2 Patch 1. As a temporary workaround, consider restricting access to the `console/chartServer` API endpoint until a patch is available. Avoid using the `data` parameter in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) Description: The issue is related to insufficient validation of user-supplied input by the web services interface of affected devices, allowing an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface. An attacker could exploit this by persuading a user of the interface to click a crafted link, potentially allowing the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. The vulnerabilities affect only specific AnyConnect and WebVPN configurations. There have been reports of active exploitation of this issue. Recommendations: As a temporary workaround, consider disabling the web services interface of the affected device until a patch is available. Restrict access to the web services interface to minimize the risk of exploitation. Avoid using the interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: McAfee ePolicy Orchestrator versions prior to 5.10.9 Update 9 Description: The issue allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. This can lead to a Cross-Site Scripting attack. The vulnerability is related to the lack of protection of the web page structure, which can be exploited by a remote attacker to perform a Cross-Site Scripting attack. Recommendations: For versions prior to 5.10.9 Update 9, update to version 5.10.9 Update 9 or later to resolve the issue. As a temporary workaround, consider restricting access to the `syncPointList` parameter to minimize the risk of exploitation. Avoid using the `syncPointList` parameter in the affected API endpoint until the issue is resolved. Restrict access to the `/PolicyMgmt/policyDetailsCard.do` endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Rapid7 Nexpose versions prior to 6.6.49 Description: The issue is related to insufficient protection of the SQL query structure, which may allow a remote attacker to elevate their privileges. It is a SQL Injection issue that may have allowed an authenticated user with a low permission level to access resources and make changes they should not have been able to access. Recommendations: For versions prior to 6.6.49, update to version 6.6.49 or later to resolve the issue. As a temporary workaround, consider restricting access to the SQL query structure to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Check Point Security Management versions prior to R80.10 Take 278 Check Point Security Management versions prior to R80.20 Take 160 Check Point Security Management versions prior to R80.30 Take 210 Check Point Security Management versions prior to R80.40 Take 38 **Description** The issue is related to weak input validation on inputs by a trusted management administrator in Check Point Security Management's Internal CA web management. This weakness can be manipulated to run commands as a high privileged user or crash the system. **Recommendations** For versions prior to R80.10 Take 278, update to R80.10 Take 278 or later. For versions prior to R80.20 Take 160, update to R80.20 Take 160 or later. For versions prior to R80.30 Take 210, update to R80.30 Take 210 or later. For versions prior to R80.40 Take 38, update to R80.40 Take 38 or later.

Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 7.13.6 Atlassian Jira Server and Data Center versions 8.0.0 through 8.5.7 Atlassian Jira Server and Data Center versions 8.6.0 through 8.12.0 Description: The issue is related to the "/ViewUserHover.jspa" component of the Jira error tracking system, which is associated with the storage of user credential information in an open manner. Exploitation of this issue may allow a remote attacker to disclose user credentials. An unauthenticated user can enumerate users via an Information Disclosure vulnerability in the "/ViewUserHover.jspa" endpoint. Recommendations: For versions prior to 7.13.6, update to version 7.13.6 or later. For versions 8.0.0 through 8.5.7, update to version 8.5.7 or later. For versions 8.6.0 through 8.12.0, update to version 8.12.0 or later. As a temporary workaround, consider restricting access to the "/ViewUserHover.jspa" endpoint until a patch is available. Avoid using the `username` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PAN-OS versions earlier than 8.1.16 PAN-OS versions earlier than 9.0.10 PAN-OS versions earlier than 9.1.3 **Description** The issue is an OS Command Injection vulnerability in the PAN-OS management interface. It allows authenticated administrators to execute arbitrary OS commands with root privileges. **Recommendations** For PAN-OS 8.1 versions earlier than 8.1.16, update to version 8.1.16 or later. For PAN-OS 9.0 versions earlier than 9.0.10, update to version 9.0.10 or later. For PAN-OS 9.1 versions earlier than 9.1.3, update to version 9.1.3 or later.

Name of the Vulnerable Software and Affected Versions: PAN-OS versions earlier than 8.1.16 PAN-OS versions earlier than 9.0.9 Description: A reflected cross-site scripting (XSS) issue exists in the PAN-OS management web interface. This could allow a remote attacker to execute arbitrary JavaScript code in an administrator's browser and perform administrative actions if the administrator clicks on a crafted link. The issue is related to insufficient input validation. Recommendations: For PAN-OS versions earlier than 8.1.16, update to version 8.1.16 or later. For PAN-OS versions earlier than 9.0.9, update to version 9.0.9 or later.