N33Dle

**Name of the Vulnerable Software and Affected Versions** Mulesoft APIkit versions prior to 1.3.1 **Description** The issue allows XXE (XML External Entity) attacks due to a problem in the validation process, specifically in the RestXmlSchemaValidator.java file. This could potentially affect a large number of devices worldwide, although the exact number is not specified. **Recommendations** For versions prior to 1.3.1, update to version 1.3.1 or later to resolve the issue. As a temporary workaround, consider disabling the `validation/RestXmlSchemaValidator.java` component until a patch is available. Restrict access to XML schema validation to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Azkaban versions prior to 3.84.1 **Description** The issue allows XXE (XML External Entity) attacks, which is related to the `XmlValidatorManager.java` and `XmlUserManager.java` files in the validator and user directories, respectively. This can potentially lead to unauthorized access to sensitive data. **Recommendations** For versions prior to 3.84.1, update to version 3.84.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `XmlValidatorManager` and `XmlUserManager` classes until a patch is available. Avoid using external XML entities in the affected modules to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Osmand versions prior to 2.1 **Description** The issue allows XXE (XML External Entity) attacks due to a problem in the binary/BinaryMapIndexReader.java file. This could potentially lead to unauthorized access to data. **Recommendations** For Osmand versions prior to 2.1, as a temporary workaround, consider restricting access to the binary/BinaryMapIndexReader.java file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.