Murat Aydemir

**Name of the Vulnerable Software and Affected Versions** Barco Control Room Management through Suite 2.9 Build 0275 **Description** The issue allows attackers to access sensitive information and components through directory traversal. Requests must begin with the "GET /...." substring, enabling access to restricted areas. **Recommendations** For Barco Control Room Management through Suite 2.9 Build 0275, as a temporary workaround, consider restricting access to sensitive information and components until a patch is available. Avoid using requests that begin with the "GET /...." substring in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** M-Files Server versions prior to 21.12.10873.0 M-Files Web versions prior to 21.12.10873.0 **Description** The issue is related to a lack of rate limiting in certain types of user accounts, which allows for an unlimited number of attempts, making it easier for attackers to brute-force login accounts. **Recommendations** For M-Files Server versions prior to 21.12.10873.0, update to version 21.12.10873.0 or later. For M-Files Web versions prior to 21.12.10873.0, update to version 21.12.10873.0 or later.

**Name of the Vulnerable Software and Affected Versions** M-Files Web versions prior to 20.10.9524.1 **Description** The issue allows a denial of service via overlapping ranges in HTTP requests with crafted `Range` or `Request-Range` headers. It is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application. **Recommendations** For versions prior to 20.10.9524.1, update to version 20.10.9524.1 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted HTTP requests with overlapping ranges in the `Range` or `Request-Range` headers until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SAE IT-systems FW-50 Remote Telemetry Unit (RTU) (affected versions not specified) **Description** A specially crafted request could allow an attacker to view the file structure of the affected device and access files that should be inaccessible. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45) version 02D.30 **Description** The issue could allow information disclosure, limit system availability, and may allow remote code execution. **Recommendations** For version 02D.30, update the firmware to a version that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GE S2020/S2020G Fast Switch 61850 versions 07A03 and prior **Description** The issue allows an attacker to inject arbitrary Javascript in a specially crafted HTTP request, which may be reflected back in the HTTP response. This can lead to a stored cross-site scripting vulnerability, potentially enabling session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution. **Recommendations** For GE S2020/S2020G Fast Switch 61850 versions 07A03 and prior, update to a version later than 07A03 to resolve the issue. As a temporary workaround, consider restricting access to the device and implementing additional security measures to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine OpManager versions prior to 12.3 build 123214 **Description** The issue allows for Unrestricted Arbitrary File Upload. **Recommendations** For versions prior to 12.3 build 123214, update to version 12.3 build 123214 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine OpManager version 12.3 before build 123214 **Description** The issue is related to a Cross-Site Scripting (XSS) problem. **Recommendations** For Zoho ManageEngine OpManager version 12.3 before build 123214, update to a version that includes build 123214 or later to resolve the issue.