N B Sri Harsha

**Name of the Vulnerable Software and Affected Versions** Revive Adserver versions prior to 3.2.2 **Description** The issue allows remote attackers to hijack user authentication for certain requests, potentially causing a denial of service or modifying user account details. This can be achieved via crafted POST requests to specific scripts, such as account-user-*.php, allowing attackers to perform actions like changing the contact name and language. **Recommendations** For versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Revive Adserver versions prior to 3.2.2 **Description** The issue allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been deleted or unlinked. **Recommendations** For versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Revive Adserver versions prior to 3.2.2 **Description** The issue allows local users to obtain sensitive information via the web browser cache because the software does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages. **Recommendations** For versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue.