Oscar Hjelm

**Name of the Vulnerable Software and Affected Versions** SiteVision versions 4.x through 5.x **Description** The issue allows for Remote Code Execution. There is an exploit available for this issue. **Recommendations** For SiteVision versions 4.x through 5.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SiteVision version 4 **Description** The issue is related to incorrect access control in SiteVision 4. No further details are provided about the nature of this issue or its potential impact. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** F-Secure Radar (on-premises) versions prior to 2018-02-15 **Description** The issue involves a problem with suggested metadata tags for assets. It is related to an outbound request for the "/api/latest/vulnerabilityscans/tags/batch" API endpoint, where the `Tags` parameter in the JSON request body is vulnerable. **Recommendations** For versions prior to 2018-02-15, update to a version released after 2018-02-15 to resolve the issue. As a temporary workaround, consider restricting access to the "/api/latest/vulnerabilityscans/tags/batch" API endpoint to minimize the risk of exploitation. Avoid using the `Tags` parameter in this endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** F-Secure Radar (on-premises) versions prior to 2018-02-15 **Description** The issue concerns an unvalidated redirect that occurs when a user logs in, triggered by the `ReturnUrl` parameter. **Recommendations** For versions prior to 2018-02-15, update to a version released after 2018-02-15 to resolve the issue.