Moshe Mizrahi

**Name of the Vulnerable Software and Affected Versions** StarTrinity Softswitch version 2023-02-16 **Description** The issue is related to multiple CSRF (CWE-352) problems. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For StarTrinity Softswitch version 2023-02-16, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** StarTrinity Softswitch version 2023-02-16 **Description** The issue is related to Multiple Reflected XSS (CWE-79). No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For StarTrinity Softswitch version 2023-02-16, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** StarTrinity Softswitch version 2023-02-16 **Description** The issue is related to a Persistent XSS (CWE-79) in StarTrinity Softswitch. **Recommendations** For StarTrinity Softswitch version 2023-02-16, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** StarTrinity Softswitch version 2023-02-16 **Description** The issue is related to an Open Redirect, which is a type of security vulnerability. This vulnerability allows an attacker to redirect a user to a malicious website, potentially leading to phishing or other types of attacks. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For StarTrinity Softswitch version 2023-02-16, consider restricting access to sensitive areas of the application to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Farsight Tech Nordic AB ProVide version 14.5 **Description** Multiple XSS vulnerabilities can be exploited by a user with administrator privilege. **Recommendations** For version 14.5, consider disabling access to administrator privileges until a patch is available. Restrict access to potentially vulnerable modules or functions to minimize the risk of exploitation. Avoid using potentially vulnerable API endpoints or parameters until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WJJ Software - InnoKB Server, InnoKB/Console version 2.2.1 **Description** The issue is related to reflected cross-site scripting (RXSS) through an unspecified request. This allows for potential malicious script injection and execution. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For version 2.2.1, update to a version that includes a fix for the reflected cross-site scripting issue, however, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WJJ Software - InnoKB Server, InnoKB/Console version 2.2.1 **Description** The issue is related to a path traversal problem, which is a type of security weakness that allows an attacker to access files or directories outside the intended directory structure. This can potentially lead to unauthorized access to sensitive data. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For version 2.2.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM WebSphere DataPower Appliances versions 7.1 through 7.6 **Description** The issue allows for a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to expose sensitive information or consume memory resources. **Recommendations** For versions 7.1 through 7.6, update to a version that includes the fix for this issue to prevent XXE attacks. As a temporary workaround, consider restricting XML data processing to minimize the risk of exploitation.