Mohamed Youssef

**Name of the Vulnerable Software and Affected Versions** SyncBreeze version 15.2.24 **Description** SyncBreeze version 15.2.24 is subject to a denial of service condition within its login authentication process. An attacker can disrupt service availability by sending an oversized `password` parameter to the login endpoint. Specifically, repeatedly including 'password=' values can overwhelm the system and cause a crash. The vulnerable API endpoint is the login endpoint. **Recommendations** Limit the size of the `password` parameter accepted by the login authentication mechanism.

**Name of the Vulnerable Software and Affected Versions** Cisco Unified Communications Manager versions (affected versions not specified) Cisco Unified Communications Manager Session Management Edition versions (affected versions not specified) **Description** A vulnerability in the Self Care Portal could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The issue is due to insufficient validation of user-supplied data to the Self Care Portal. An attacker could exploit this by sending a crafted HTTP request to an affected system, potentially allowing them to modify information without proper authorization. **Recommendations** For Cisco Unified Communications Manager, update to a version that includes the fix for this issue. For Cisco Unified Communications Manager Session Management Edition, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Self Care Portal until a patch is available.