Pasquale Fiorillo

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 4.2.4 Build 20170313 **Description** The issue allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file. **Recommendations** For versions prior to 4.2.4 Build 20170313, update to version 4.2.4 Build 20170313 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Veeam Backup & Replication versions prior to 8.0 update 3 **Description** The issue allows local users to obtain sensitive information by reading log files with world-readable permissions, where local administrator credentials are stored. This is due to the storage of credentials in log files by VeeamVixProxy. **Recommendations** For versions prior to 8.0 update 3, update to version 8.0 update 3 or later to resolve the issue. As a temporary workaround, consider restricting access to the log files to minimize the risk of exploitation.