Novy

**Name of the Vulnerable Software and Affected Versions** PowerJob version 4.3.3 **Description** A remote command execution issue was discovered, allowing exploitation via the `instanceId` parameter at the "/instance/detail" API endpoint. **Recommendations** For PowerJob version 4.3.3, consider restricting access to the "/instance/detail" API endpoint to minimize the risk of exploitation, and avoid using the `instanceId` parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyscreamer Open Source Nevado JMS version 1.3.2 **Description** The issue allows attackers to execute arbitrary commands by supplying crafted data due to the lack of security checks when receiving messages. **Recommendations** For Skyscreamer Open Source Nevado JMS version 1.3.2, consider implementing security checks for incoming messages to prevent the execution of arbitrary commands until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** wuta jox version 1.16 **Description** An XML External Entity (XXE) vulnerability exists in the readObject method in JOXSAXBeanInput. This issue allows for the exploitation of XML external entities, potentially leading to unauthorized access to sensitive data. The `readObject` method is vulnerable, specifically in the context of `JOXSAXBeanInput`. **Recommendations** For wuta jox version 1.16, consider disabling the `readObject` method in `JOXSAXBeanInput` until a patch is available to prevent potential exploitation of the XXE vulnerability. Restrict access to the `JOXSAXBeanInput` module to minimize the risk of exploitation. Avoid using the `readObject` method in the affected `JOXSAXBeanInput` class until the issue is resolved.