Philipp Rocholl

Name of the Vulnerable Software and Affected Versions: Pleasant Password Server versions prior to 7.8.3 Description: The issue arises from missing authorization checks, allowing any authenticated user to list, upload, or delete attachments to password safe entries. To perform these actions, a user needs to know the corresponding `CredentialId` value, which is a GUID that uniquely identifies a password safe entry. Although `CredentialId` values are hard to guess, they can be exposed to malicious users if an entry's owner grants read-only access or temporary grants. Recommendations: For versions prior to 7.8.3, update to version 7.8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to password safe entries and avoiding granting read-only access or temporary grants to untrusted users. Additionally, limit the exposure of `CredentialId` values to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ipswitch MOVEit DMZ versions prior to 8.2 **Description** The issue allows remote authenticated users to enumerate FileIDs due to different error messages provided by the MOVEitISAPI service, depending on whether a FileID exists. This can be achieved via the `X-siLock-FileID` parameter in a download action to "MOVEitISAPI/MOVEitISAPI.dll". **Recommendations** For Ipswitch MOVEit DMZ versions prior to 8.2, update to version 8.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ipswitch MOVEit Mobile versions 1.2.0.962 and earlier **Description** The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to hijack the authentication of unspecified victims. The exact vectors used for the attack are not specified. **Recommendations** For Ipswitch MOVEit Mobile versions 1.2.0.962 and earlier, update to a version later than 1.2.0.962 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ipswitch MOVEit Mobile versions prior to 1.2.2 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the query string to the "mobile/" endpoint. **Recommendations** For Ipswitch MOVEit Mobile versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ipswitch MOVEit DMZ versions prior to 8.2 **Description** The issue allows remote attackers to enumerate usernames by analyzing different error messages for authentication attempts, depending on whether the user account exists. This can be achieved via a series of SOAP requests to the "machine.aspx" API endpoint. **Recommendations** For versions prior to 8.2, update to version 8.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ipswitch MOVEit DMZ versions prior to 8.2 Ipswitch MOVEit Mobile versions prior to 1.2.2 **Description** The issue allows remote authenticated users to bypass authorization and read uploaded files. This can be achieved by providing a valid FileID in the `serverFileIds` parameter to the "mobile/sendMsg" endpoint or the `arg01` parameter to the "human.aspx" endpoint. **Recommendations** For Ipswitch MOVEit DMZ versions prior to 8.2, update to version 8.2 or later to resolve the issue. For Ipswitch MOVEit Mobile versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `mobile/sendMsg` and `human.aspx` endpoints until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Pulse Connect Secure versions prior to 7.1R22.1 Pulse Connect Secure versions prior to 7.4 Pulse Connect Secure versions 8.0 through 8.0R10 Pulse Connect Secure versions 8.1 through 8.1R2 **Description** The issue allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar. **Recommendations** For versions prior to 7.1R22.1, update to version 7.1R22.1 or later. For versions prior to 7.4, update to version 7.4 or later. For versions 8.0 through 8.0R10, update to version 8.0R11 or later. For versions 8.1 through 8.1R2, update to version 8.1R3 or later.

**Name of the Vulnerable Software and Affected Versions** Pulse Connect Secure versions prior to 7.1R22.1 Pulse Connect Secure versions prior to 7.4 Pulse Connect Secure versions 8.0 through 8.0R10 Pulse Connect Secure versions 8.1 through 8.1R2 **Description** The issue allows remote attackers to enumerate valid meeting ids via a series of requests to the Secure Meeting (Pulse Collaboration) in Pulse Connect Secure. This is due to the different messages provided for attempts to join a meeting depending on the status of the meeting. **Recommendations** For Pulse Connect Secure versions prior to 7.1R22.1, update to version 7.1R22.1 or later. For Pulse Connect Secure versions prior to 7.4, update to version 7.4 or later. For Pulse Connect Secure versions 8.0 through 8.0R10, update to version 8.0R11 or later. For Pulse Connect Secure versions 8.1 through 8.1R2, update to version 8.1R3 or later.

Name of the Vulnerable Software and Affected Versions: TYPO3 Library for Frontend Plugins (aka sg zfelib) extension version 1.1.512 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands via unspecified `user input`. This can potentially lead to unauthorized access and manipulation of sensitive data. Recommendations: For versions 1.1.512 and earlier, update to a version later than 1.1.512 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.