Petrusviet

**Name of the Vulnerable Software and Affected Versions** GiveWP – Donation Plugin and Fundraising Platform versions up to 3.19.2 **Description** The issue allows unauthenticated attackers to inject a PHP Object via deserialization of untrusted input from the donation form, such as the `firstName` field. The presence of a POP chain enables attackers to delete arbitrary files on the server, making remote code execution possible. A fully sufficient patch was not released until version 3.19.4. **Recommendations** For versions up to 3.19.2, update to version 3.19.4 to resolve the issue. As a temporary workaround, consider using JSON encoding to prevent further deserialization vulnerabilities. Restrict access to the vulnerable donation form to minimize the risk of exploitation. Avoid using the `firstName` field in the affected form until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** VMware Workspace ONE Access and Identity Manager (affected versions not specified) **Description** The issue is related to a remote code execution vulnerability in the administration platform of VMware Workspace ONE Access and Identity Manager. This vulnerability is due to the lack of protection against SQL query structure exploitation. A malicious actor with administrator and network access can trigger remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Workspace ONE Access, Identity Manager and vRealize Automation (affected versions not specified) **Description** The issue is related to incorrect code generation management in the administration platform of VMware Workspace One Access, VMware Identity Manager console, and VMware vRealize Automation virtual infrastructure management tool. A malicious actor with administrator and network access can trigger a remote code execution. This allows an attacker to execute arbitrary code remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation (affected versions not specified) **Description** The issue is related to a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files. The vulnerability is caused by incorrect restriction of the directory path name with limited access. Exploitation of the vulnerability may allow a remote attacker to read arbitrary files in the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JetBrains Hub versions prior to 2021.1.13389 **Description** The issue allows for account takeover during the password reset process. **Recommendations** For versions prior to 2021.1.13389, update to version 2021.1.13389 or later to resolve the issue.