Orange Tsai

Name of the Vulnerable Software and Affected Versions: Microsoft Excel versions (affected versions not specified) Microsoft 365 Apps for Enterprise versions (affected versions not specified) Microsoft Office versions (affected versions not specified) Microsoft Office Long Term Servicing Channel versions (affected versions not specified) Microsoft Office Online Server versions (affected versions not specified) Description: The issue is related to a lack of data sanitization at the management level in Microsoft Office packages, including Microsoft Excel. Exploitation of this issue may allow an attacker to execute arbitrary code using a specially crafted malicious file. Recommendations: For Microsoft Excel, consider disabling the execution of external files until a patch is available. For Microsoft 365 Apps for Enterprise, restrict access to potentially vulnerable components to minimize the risk of exploitation. For Microsoft Office, Microsoft Office Long Term Servicing Channel, and Microsoft Office Online Server, avoid using potentially vulnerable features or modules until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Apache Subversion versions up to and including 1.14.3 Description: On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. This issue affects Windows platforms only and does not impact UNIX-like platforms. Recommendations: For Apache Subversion versions up to and including 1.14.3, upgrade to version 1.14.4, which fixes this issue.

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.60 Description: The issue is related to Server-Side Request Forgery (SSRF) in the Apache HTTP Server on Windows, which can potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content. Existing configurations that access UNC paths will have to configure the new directive "UNCList" to allow access during request processing. Recommendations: To resolve the issue, users are recommended to upgrade to version 2.4.60, which fixes this problem. Existing configurations that access UNC paths should configure the new directive "UNCList" to allow access during request processing.

**Name of the Vulnerable Software and Affected Versions** WinRAR (affected versions not specified) **Description** This issue allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of WinRAR. User interaction is required to exploit this issue, where the target must perform a specific action on a malicious page. The flaw exists within the archive extraction functionality, where a crafted archive entry can cause the creation of an arbitrary file without the Mark-Of-The-Web. An attacker can leverage this in conjunction with other issues to execute arbitrary code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.59 and earlier Description: The issue is related to a potential Server-Side Request Forgery (SSRF) in the mod rewrite module of the Apache HTTP Server. This allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod proxy. The vulnerability is due to insufficient validation of incoming requests. Recommendations: For Apache HTTP Server versions 2.4.59 and earlier, upgrade to version 2.4.60, which fixes this issue.

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.59 and earlier Description: A null pointer dereference in the mod proxy module of Apache HTTP Server allows an attacker to crash the server via a malicious request. This issue can be exploited by a remote attacker to cause a denial of service. Recommendations: For Apache HTTP Server versions 2.4.59 and earlier, upgrade to version 2.4.60, which fixes this issue. As a temporary workaround, consider restricting access to the mod proxy module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Synology Router Manager versions prior to 1.3.1-9346-9 **Description** The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability, in the OTP reset functionality. This vulnerability allows remote authenticated users to delete arbitrary files via unspecified vectors. **Recommendations** For Synology Router Manager versions prior to 1.3.1-9346-9, update to version 1.3.1-9346-9 or later to resolve the issue. As a temporary workaround, consider restricting access to the OTP reset functionality until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions through 2.4.58 **Description** The issue is related to faulty input validation in the core of Apache, allowing malicious or exploitable backend/content generators to split HTTP responses. This can be exploited by a remote attacker to perform HTTP response splitting attacks. The vulnerability is associated with the failure to handle CRLF sequences in HTTP headers. **Recommendations** For Apache HTTP Server versions through 2.4.58, update to a version newer than 2.4.58 to resolve the issue. As a temporary workaround, consider restricting access to vulnerable backend or content generators to minimize the risk of exploitation. Avoid using HTTP headers that may contain malicious CRLF sequences until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Synology Router Manager versions prior to 1.2.5-8227-6 Synology Router Manager versions prior to 1.3.1-9346-3 **Description** The issue is related to an OS command injection vulnerability in the CGI component of Synology Router Manager. This vulnerability allows a remote attacker to execute arbitrary code. **Recommendations** For versions prior to 1.2.5-8227-6, update to version 1.2.5-8227-6 or later. For versions prior to 1.3.1-9346-3, update to version 1.3.1-9346-3 or later.

**Name of the Vulnerable Software and Affected Versions** WSO2 API Manager versions 2.2.0 through 4.0.0 WSO2 Identity Server versions 5.2.0 through 5.11.0 WSO2 Identity Server Analytics versions 5.4.0, 5.4.1, 5.5.0, and 5.6.0 WSO2 Identity Server as Key Manager versions 5.3.0 through 5.11.0 WSO2 Enterprise Integrator versions 6.2.0 through 6.6.0 WSO2 Open Banking AM versions 1.4.0 through 2.0.0 WSO2 Open Banking KM versions 1.4.0 through 2.0.0 **Description** Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a "/fileupload" endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This vulnerability can be exploited by uploading malicious JSP files to the server, allowing unauthorized remote code execution. **Recommendations** For WSO2 API Manager versions 2.2.0 through 4.0.0, update to a version that contains a fix for this vulnerability. For WSO2 Identity Server versions 5.2.0 through 5.11.0, update to a version that contains a fix for this vulnerability. For WSO2 Identity Server Analytics versions 5.4.0, 5.4.1, 5.5.0, and 5.6.0, update to a version that contains a fix for this vulnerability. For WSO2 Identity Server as Key Manager versions 5.3.0 through 5.11.0, update to a version that contains a fix for this vulnerability. For WSO2 Enterprise Integrator versions 6.2.0 through 6.6.0, update to a version that contains a fix for this vulnerability. For WSO2 Open Banking AM versions 1.4.0 through 2.0.0, update to a version that contains a fix for this vulnerability. For WSO2 Open Banking KM versions 1.4.0 through 2.0.0, update to a version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the "/fileupload" endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Samba versions prior to 4.13.17 Samba versions prior to 4.14.12 Samba versions prior to 4.15.5 **Description** The Samba vfs fruit module uses extended file attributes to provide enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. The vulnerability is related to an out-of-bounds heap read and write via specially crafted extended file attributes. The affected module is used for enhanced compatibility with Apple SMB clients and Netatalk 3 AFP file servers. **Recommendations** For Samba versions prior to 4.13.17, update to version 4.13.17 or apply the corresponding patches. For Samba versions prior to 4.14.12, update to version 4.14.12 or apply the corresponding patches. For Samba versions prior to 4.15.5, update to version 4.15.5 or apply the corresponding patches. As a temporary workaround, consider restricting access to the vulnerable vfs fruit module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Exchange Server (affected versions not specified) **Description** The issue is related to insufficient access controls in Microsoft Exchange Server, which can be exploited by a remote attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Exchange Server (affected versions not specified) **Description** The issue is related to incorrect code generation management in Microsoft Exchange Server. It allows a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Exchange Server versions 2013 through 2019 **Description** The issue is related to a security feature bypass vulnerability in Microsoft Exchange Server, which can be exploited by a remote attacker to execute arbitrary code with SYSTEM privileges. This vulnerability is associated with errors in security settings. There have been real-world incidents where this issue was exploited, including the Change Healthcare hack, where attackers used stolen credentials without multi-factor authentication. The UnitedHealth group was also affected. Additionally, there have been reports of ransomware gangs taking credit for disruptive cyberattacks, such as the MGM Resorts cyberattack. The vulnerability has been classified as critical, with a mainstream maturity level. **Recommendations** For Microsoft Exchange Server versions 2013 through 2019, update to a version that includes the security fix for this issue. As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation. Avoid using stolen or weak credentials, and ensure multi-factor authentication is enabled to prevent unauthorized access. Restrict access to the system from remote locations, if possible, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Exchange Server versions prior to the fixed version **Description** The vulnerability in Microsoft Exchange Server is related to insufficient validation of incoming requests, allowing a remote attacker to execute arbitrary code. This can be achieved by sending specially crafted HTTPS requests, potentially containing malicious files and cookies, such as X-AnonResource-Backend and X-BEResource. The issue has been exploited in real-world incidents, with estimated numbers of affected devices not explicitly stated. Technical details include the exploitation of the vulnerability through API endpoints, although specific endpoints are not mentioned in the provided descriptions. The vulnerability has been used by various threat actors, including state-sponsored hackers, to breach email systems and steal data globally. **Recommendations** Update all Microsoft Exchange servers with the latest security patches to address the vulnerability. As a temporary workaround, consider restricting access to vulnerable components until a patch is available. Apply configuration changes and follow best practices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 MobileIron Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 MobileIron Sentry versions 9.7.2 and earlier, and 9.8.0 MobileIron Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier **Description** The issue is related to insufficient access control in MobileIron products, allowing a remote attacker to execute arbitrary code. This can be achieved via unspecified vectors, potentially leading to remote code execution. **Recommendations** For MobileIron Core versions 10.3.0.3 and earlier, update to version 10.3.0.4 or later. For MobileIron Core versions 10.4.x, update to version 10.4.0.4 or later. For MobileIron Core versions 10.5.x, update to version 10.5.1.1 or later. For MobileIron Core versions 10.5.2.x, update to version 10.5.2.1 or later. For MobileIron Core versions 10.6.x, update to version 10.6.0.1 or later. For MobileIron Connector versions 10.3.0.3 and earlier, update to version 10.3.0.4 or later. For MobileIron Connector versions 10.4.x, update to version 10.4.0.4 or later. For MobileIron Connector versions 10.5.x, update to version 10.5.1.1 or later. For MobileIron Connector versions 10.5.2.x, update to version 10.5.2.1 or later. For MobileIron Connector versions 10.6.x, update to version 10.6.0.1 or later. For MobileIron Sentry versions 9.7.2 and earlier, update to version 9.7.3 or later. For MobileIron Sentry version 9.8.0, update to version 9.8.1 or later. For MobileIron Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier, update to a version later than 2.0.0.1.

Name of the Vulnerable Software and Affected Versions: Exim versions prior to 4.94 Description: The issue is related to an out-of-bounds read in the SPA authenticator of the Exim mail server, specifically in components auths/spa.c and auths/auth-spa.c. This could result in SPA/NTLM authentication bypass, potentially allowing a remote attacker to access confidential data. Recommendations: For Exim versions prior to 4.94, update to version 4.94 or later to resolve the issue. As a temporary workaround, consider restricting access to the SPA authenticator until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PAN-OS versions 7.1.18 and earlier PAN-OS versions 8.0.11-h1 and earlier PAN-OS versions 8.1.2 and earlier **Description** The issue exists due to insufficient input validation in the GlobalProtect portal and GlobalProtect Gateway interface of the PAN-OS operating system. Exploitation of this issue may allow an unauthenticated remote attacker to execute arbitrary code by sending a specially crafted request. Mass scanning activity has been detected, checking for vulnerable Palo Alto SSL VPN servers. Successful exploitation allows an unauthenticated attacker to execute arbitrary code. **Recommendations** For PAN-OS versions 7.1.18 and earlier, update to a version later than 7.1.18. For PAN-OS versions 8.0.11-h1 and earlier, update to a version later than 8.0.11-h1. For PAN-OS versions 8.1.2 and earlier, update to a version later than 8.1.2. As a temporary workaround, consider disabling the GlobalProtect Portal or GlobalProtect Gateway Interface until a patch is available. Restrict access to the GlobalProtect portal and GlobalProtect Gateway interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pulse Secure Pulse Connect Secure (PCS) versions 8.1R15.0 and earlier Pulse Secure Pulse Connect Secure (PCS) versions 8.2R12.0 and earlier Pulse Secure Pulse Connect Secure (PCS) versions 8.3R7.0 and earlier Pulse Secure Pulse Connect Secure (PCS) versions 9.0R3.3 and earlier **Description** The issue allows an authenticated attacker, via the admin web interface, to exploit Directory Traversal and execute arbitrary code on the appliance. **Recommendations** For versions 8.1R15.0 and earlier, update to version 8.1R15.1 or later. For versions 8.2R12.0 and earlier, update to version 8.2R12.1 or later. For versions 8.3R7.0 and earlier, update to version 8.3R7.1 or later. For versions 9.0R3.3 and earlier, update to version 9.0R3.4 or later.

**Name of the Vulnerable Software and Affected Versions** Pulse Connect Secure versions 9.0RX prior to 9.0R3.4 Pulse Connect Secure versions 8.3RX prior to 8.3R7.1 Pulse Connect Secure versions 8.2RX prior to 8.2R12.1 Pulse Connect Secure versions 8.1RX prior to 8.1R15.1 Pulse Policy Secure versions 9.0RX prior to 9.0R3.2 Pulse Policy Secure versions 5.4RX prior to 5.4R7.1 Pulse Policy Secure versions 5.3RX prior to 5.3R12.1 Pulse Policy Secure versions 5.2RX prior to 5.2R12.1 Pulse Policy Secure versions 5.1RX prior to 5.1R15.1 **Description** The issue is related to insufficient input validation in the administrative web interface of Pulse Connect Secure, allowing a remote attacker to execute arbitrary code by sending a specially crafted request. The admin web interface permits an authenticated attacker to inject and execute commands. **Recommendations** For Pulse Connect Secure versions 9.0RX prior to 9.0R3.4, update to version 9.0R3.4 or later. For Pulse Connect Secure versions 8.3RX prior to 8.3R7.1, update to version 8.3R7.1 or later. For Pulse Connect Secure versions 8.2RX prior to 8.2R12.1, update to version 8.2R12.1 or later. For Pulse Connect Secure versions 8.1RX prior to 8.1R15.1, update to version 8.1R15.1 or later. For Pulse Policy Secure versions 9.0RX prior to 9.0R3.2, update to version 9.0R3.2 or later. For Pulse Policy Secure versions 5.4RX prior to 5.4R7.1, update to version 5.4R7.1 or later. For Pulse Policy Secure versions 5.3RX prior to 5.3R12.1, update to version 5.3R12.1 or later. For Pulse Policy Secure versions 5.2RX prior to 5.2R12.1, update to version 5.2R12.1 or later. For Pulse Policy Secure versions 5.1RX prior to 5.1R15.1, update to version 5.1R15.1 or later.