Octav Opaschi

Name of the Vulnerable Software and Affected Versions: Confluent Ansible (cp-ansible) versions 5.5.0 through 6.0.0 Description: The issue allows local attackers to access sensitive information, including private keys and the state database, due to insecure permissions. Recommendations: For versions 5.5.0 through 6.0.0, update the permissions to secure sensitive information, ensuring that only authorized access is allowed to private keys and the state database. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Confluent Ansible (cp-ansible) versions 5.5.0 through 6.0.0 Description: The issue is related to Incorrect Access Control via an auxiliary component, allowing remote attackers to access sensitive information. Recommendations: For versions 5.5.0 through 6.0.0, update to a version that fixes the Incorrect Access Control issue to prevent remote attackers from accessing sensitive information.

**Name of the Vulnerable Software and Affected Versions** Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode (affected versions not specified) **Description** A vulnerability could allow an authenticated, remote attacker to access sensitive information. The issue occurs because the affected software does not properly validate user-supplied input. An attacker could exploit this by issuing certain commands with filtered query results on the device, potentially causing returned messages to display confidential system information. A successful exploit could allow the attacker to read sensitive information on the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Application Policy Infrastructure Controller versions prior to 4.2(0.21c) **Description** The issue is related to insufficient access control when connecting via IPv6, which could allow an attacker to gain unauthorized access to the device. This is due to a lack of proper access control mechanisms for IPv6 link-local connectivity imposed on the management interface of an affected device. An attacker on the same physical network could exploit this by attempting to connect to the IPv6 link-local address on the affected device, potentially bypassing default access control restrictions. **Recommendations** For versions prior to 4.2(0.21c), update to version 4.2(0.21c) or later to resolve the issue. As a temporary workaround, consider restricting access to the management interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cordaware bestinformed Microsoft Windows client versions prior to 6.2.1.0 **Description** The issue is related to insecure implementations in the Scripting and AutoUpdate functionality, allowing remote attackers to execute arbitrary commands and escalate privileges. **Recommendations** For versions prior to 6.2.1.0, update to version 6.2.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows client versions prior to 6.2.1.0 **Description** The issue concerns insecure SSL certificate verification and insecure access patterns, allowing remote attackers to downgrade encrypted connections to cleartext. **Recommendations** For versions prior to 6.2.1.0, update to version 6.2.1.0 or later to resolve the issue.