Moritz Lottermann

**Name of the Vulnerable Software and Affected Versions** UCI IDOL 2 versions through 2.12 **Description** The issue is caused by improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer. This makes UCI IDOL 2 vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. A certain XmlMessage document can cause 100% CPU consumption. **Recommendations** For versions through 2.12, consider disabling the processing of XmlMessage documents until a patch is available to prevent 100% CPU consumption and potential Denial-of-Service (DoS) attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Omikron MultiCash Desktop version 4.00.008.SP5 **Description** The issue arises from a client-side authentication mechanism. When a user logs in, the password validity is checked locally. All database backend communication uses the same technical account. An attacker can exploit this by attaching a debugger to the process or creating a patch that manipulates the login function to always return a success value, allowing login with any account, including the administrative account. **Recommendations** For Omikron MultiCash Desktop version 4.00.008.SP5, consider disabling the login function until a patch is available to prevent exploitation. Restrict access to the administrative account to minimize risk. Avoid using the application until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.