Olga Yanushkevich

**Name of the Vulnerable Software and Affected Versions** Redmine versions prior to 3.2.3 **Description** The issue affects Textile and Markdown text formatting, as well as project homepages, and is related to stored XSS vulnerabilities. **Recommendations** For versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BMC BladeLogic Server Automation (BSA) versions 8.2.x through 8.7.x **Description** The issue allows remote attackers to bypass authorization and enumerate users by sending an action packet to the xmlrpc endpoint after an authorization failure. This occurs due to a flaw in the RPC API in the RSCD agent on Linux and UNIX systems. **Recommendations** For versions 8.2.x through 8.7.x, consider restricting access to the xmlrpc endpoint to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** BMC BladeLogic Server Automation versions 8.2.x through 8.7.x **Description** The issue allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to `xmlrpc` after an authorization failure. This is related to the RPC API in the RSCD agent on Linux and UNIX systems. **Recommendations** For versions 8.2.x through 8.7.x, consider restricting access to the `xmlrpc` endpoint to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the ability to send action packets after authorization failures.