Milton Valencia

**Name of the Vulnerable Software and Affected Versions** CA Unified Infrastructure Management (Nimsoft/UIM) versions 9.20 and below CA Unified Infrastructure Management (Nimsoft/UIM) version 20.1 CA Unified Infrastructure Management (Nimsoft/UIM) versions 20.3.x **Description** The issue is related to improper ACL handling in the robot (controller) component. A remote attacker can exploit this to execute commands, read from, or write to the target system. **Recommendations** For CA Unified Infrastructure Management (Nimsoft/UIM) versions 9.20 and below, update to a version above 9.20 to resolve the issue. For CA Unified Infrastructure Management (Nimsoft/UIM) version 20.1, update to a version other than 20.1 to resolve the issue. For CA Unified Infrastructure Management (Nimsoft/UIM) versions 20.3.x, update to a version outside of the 20.3.x range to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** pfSense versions prior to 2.3 **Description** The issue allows remote authenticated users to execute arbitrary OS commands. This is achieved by including a '|' character in the `graph` parameter of the status rrd graph img.php file, which is related to rrd graph img.php. **Recommendations** For versions prior to 2.3, update to version 2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the status rrd graph img.php file to minimize the risk of exploitation. Avoid using the '|' character in the `graph` parameter until the issue is resolved.