Niv Levy

**Name of the Vulnerable Software and Affected Versions** SysAid versions prior to 23.2.14 b18 **Description** The issue allows for Server-Side Request Forgery (SSRF), which may expose the local OS user's NTLMv2 hash. **Recommendations** For versions prior to 23.2.14 b18, update to version 23.2.14 b18 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sysaid (affected versions not specified) **Description** A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sysaid (affected versions not specified) **Description** The issue allows authenticated users to exfiltrate files from the server via an unspecified method. This is related to files or directories being accessible to external parties. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Guacamole versions 0.9.8 through 0.9.9 **Description** A cross-site scripting (XSS) issue exists in the file browser when file transfer is enabled to a shared location. This allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. **Recommendations** For Guacamole versions 0.9.8 and 0.9.9, update the guacamole.war file to the version fixed on 2016-01-13 to resolve the issue.