Philipp Mao

**Name of the Vulnerable Software and Affected Versions** Bootloader versions prior to SMR June-2024 Release 1 **Description** The issue is an out-of-bounds read vulnerability in the bootloader. This allows physical attackers to access arbitrary data. **Recommendations** For versions prior to SMR June-2024 Release 1, update to the SMR June-2024 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** VeridiumID VeridiumAD version 2.5.3.0 **Description** An issue was discovered in the HTTP request that triggers push notifications for enrolled users, where proper access control is not enforced. This allows a user to trigger push notifications for any other user and modify the text contained in the notification. If the recipient accepts the notification, the user who triggered it can obtain the recipient's login certificate. **Recommendations** For VeridiumID VeridiumAD version 2.5.3.0, consider disabling the push notification feature until a patch is available to enforce proper access control and prevent unauthorized modifications to notification text. Restrict access to the HTTP request endpoint that triggers push notifications to minimize the risk of exploitation. Avoid using the feature that allows triggering push notifications for other users until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** REINER timeCard version 6.05.07 **Description** The issue concerns a hardcoded `sa` password in the `TCServer.jar` file for a Microsoft SQL Server installed by REINER timeCard. This hardcoded password could potentially allow unauthorized access to the SQL Server. **Recommendations** For REINER timeCard version 6.05.07, consider changing the hardcoded `sa` password in the `TCServer.jar` file to a secure, unique password to prevent unauthorized access. As a temporary workaround, restrict access to the SQL Server instance installed by REINER timeCard to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: FusionAuth fusionauth-samlv2 versions prior to 0.5.4 Description: The issue allows XXE attacks via a forged AuthnRequest or LogoutRequest because the `parseFromBytes` function uses `javax.xml.parsers.DocumentBuilderFactory` unsafely. This can be exploited by sending malicious requests to the affected system. Recommendations: For FusionAuth fusionauth-samlv2 versions prior to 0.5.4, update to version 0.5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `parseFromBytes` function until a patch is applied. Avoid using the `javax.xml.parsers.DocumentBuilderFactory` unsafely in the affected API endpoints until the issue is resolved.