Patrick Murphy

**Name of the Vulnerable Software and Affected Versions** Oracle Planning and Budgeting Cloud Service versions 25.04.07 **Description** A flaw exists in the Oracle Planning and Budgeting Cloud Service, specifically within the EPM Agent component. A highly privileged attacker with access to the system can compromise the service. Exploitation requires interaction from a user other than the attacker and can lead to unauthorized modification, deletion, or creation of data within Oracle Planning and Budgeting Cloud Service. **Recommendations** Update EPM Agent. Refer to documentation for downloading the EPM Agent.

**Name of the Vulnerable Software and Affected Versions** Oracle Planning and Budgeting Cloud Service versions 25.04.07 **Description** A flaw exists within the Oracle Planning and Budgeting Cloud Service, specifically in the EPM Agent component. A highly privileged attacker with access to the system can compromise the service. Exploitation requires interaction from someone other than the attacker and could lead to unauthorized access to sensitive data or complete data access. **Recommendations** Update the EPM Agent.

**Name of the Vulnerable Software and Affected Versions** Cloudflare WARP client for Windows versions up to 2022.5.309.0 **Description** The issue allows creation of mount points from the ProgramData folder of the Cloudflare WARP client during its installation. This could lead to privilege escalation and the overwrite of SYSTEM protected files. **Recommendations** For versions up to 2022.5.309.0, consider restricting access to the ProgramData folder as a temporary mitigation measure until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.