Petrus Viet

**Name of the Vulnerable Software and Affected Versions** Atlassian Confluence versions 8.0.x through 8.5.3 **Description** A template injection vulnerability in older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve remote code execution (RCE) on an affected instance. The vulnerability is being actively exploited by threat actors, with over 39,000 attempts to exploit it recorded in just three days. The exploitation of this vulnerability can lead to unauthorized code execution, allowing attackers to install malware, steal sensitive data, or disrupt operations. **Recommendations** To resolve the issue, update Confluence to version 8.5.4 or later. For versions prior to 8.5.4, apply the patch provided by Atlassian to fix the vulnerability. Additionally, consider implementing security measures such as restricting access to the vulnerable module, disabling the vulnerable function, and monitoring for suspicious activity. Note: The provided information is based on the given input and does not include any external knowledge or information not present in the input.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine ADManager Plus versions prior to Build 7200 **Description** The issue is related to insufficient access control in the Zoho ManageEngine ADManager Plus software for managing Active Directory services. It allows a remote attacker to execute arbitrary commands with superuser privileges. Admin users can execute commands on the host machine. **Recommendations** For Zoho ManageEngine ADManager Plus versions prior to Build 7200, update to Build 7200 or later to resolve the issue. As a temporary workaround, consider restricting access to the `installServiceWithCredentials` command to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Inductive Automation Ignition (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. The specific flaw exists within the `ResponseParser` method, resulting from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. User interaction is required to exploit this vulnerability, as the target must connect to a malicious server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Inductive Automation Ignition (affected versions not specified) **Description** The issue is related to the deserialization mechanism in the RunQuery class of Inductive Automation Ignition, allowing remote attackers to execute arbitrary code on affected installations. The problem stems from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Authentication is required to exploit this vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Inductive Automation Ignition (affected versions not specified) **Description** The issue is related to the Base64Element class in Inductive Automation Ignition, which has flaws in its deserialization mechanism. This allows remote attackers to execute arbitrary code on affected installations. The problem stems from the lack of proper validation of user-supplied data, leading to the deserialization of untrusted data. An attacker can exploit this to execute code in the context of SYSTEM. Authentication is required to exploit this vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Inductive Automation Ignition (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. The specific flaw exists within the ModuleInvoke class, resulting from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Authentication is required to exploit this vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the `ModuleInvoke` class until a patch is available. Restrict access to the vulnerable `ModuleInvoke` class to minimize the risk of exploitation. Avoid using untrusted data in the `ModuleInvoke` class until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** xwiki-commons-xml versions 2.7 through 12.10.9 xwiki-commons-xml versions 13.0.0 through 13.4.3 xwiki-commons-xml versions 13.8-rc-0 and earlier **Description** The issue allows a script to access any file accessible to the user running the XWiki application server through XML External Entity Injection via the XML script service. This can be achieved by exploiting the XML script service, for example, by using a `velocity` script that sets an `xxe payload` variable with a malicious XML payload, which includes an entity that references a local file, such as `file:///etc/passwd`. The script then parses this payload using the `xml.parse()` function and serializes the result using `xml.serialize()`. The estimated number of potentially affected devices is not provided. **Recommendations** For xwiki-commons-xml versions 2.7 through 12.10.9, upgrade to version 12.10.10 or later. For xwiki-commons-xml versions 13.0.0 through 13.4.3, upgrade to version 13.4.4 or later. For xwiki-commons-xml versions 13.8-rc-0 and earlier, upgrade to version 13.8-rc-1 or later. As a general mitigation measure, be careful when giving Script rights to minimize the risk of exploitation.