Rahul Maini

**Name of the Vulnerable Software and Affected Versions** Metabase Enterprise versions 1.47 through 1.54.21 Metabase Enterprise versions 1.55.0 through 1.55.21 Metabase Enterprise versions 1.56.0 through 1.56.21 Metabase Enterprise versions 1.57.0 through 1.57.15 Metabase Enterprise versions 1.58.0 through 1.58.9 Metabase Enterprise versions 1.59.0 through 1.59.3 **Description** Authenticated administrators can achieve Remote Code Execution (RCE) and Arbitrary File Read. This occurs via the 'POST /api/ee/serialization/import' endpoint when a crafted serialization archive injects an `INIT` property into the H2 JDBC specification, allowing the execution of arbitrary SQL during a database synchronization. This issue specifically affects the Enterprise Edition and has been confirmed in Metabase Cloud. **Recommendations** Update to version 1.54.22 Update to version 1.55.22 Update to version 1.56.22 Update to version 1.57.16 Update to version 1.58.10 Update to version 1.59.4 As a temporary workaround, disable the serialization import endpoint to prevent access to the affected code paths.

**Name of the Vulnerable Software and Affected Versions** Versa Concerto versions 12.1.2 through 12.2.0 **Description** The Versa Concerto SD-WAN orchestration platform contains a flaw related to improper permission assignment for a critical resource during certificate signing request validation. This can lead to privilege escalation and container escape. The unsafe default mounting of host binary paths allows a container to modify host paths. Successful exploitation of this issue may allow an attacker to execute arbitrary code or gain direct access to the host, depending on the host operating system configuration. **Recommendations** Versions 12.1.2 through 12.2.0 should be updated when a patch becomes available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Versa Concerto versions 12.1.2 through 12.2.0 **Description** The Versa Concerto SD-WAN orchestration platform contains a flaw in the Traefik reverse proxy configuration that allows an attacker to bypass authentication and access administrative endpoints. The Spack upload endpoint can be exploited using a Time-of-Check to Time-of-Use (TOCTOU) write condition combined with a race condition to achieve remote code execution (RCE) through path loading manipulation. This allows an unauthenticated actor to achieve RCE. The issue is actively exploited. **Recommendations** Versions 12.1.2 through 12.2.0 should be updated to a newer version that addresses this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Versa Concerto versions 12.1.2 through 12.2.0 **Description** The Versa Concerto SD-WAN orchestration platform has a flaw in the Traefik reverse proxy configuration that allows an attacker to bypass authentication and access administrative endpoints. The internal Actuator endpoint can be exploited to gain access to heap dumps and trace logs. This issue is actively exploited in the wild and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. Attackers can extract credentials and tokens from heap dumps, access internal SD-WAN management endpoints, perform lateral movement to managed edge devices, and potentially deploy persistent backdoors. The root cause is a misconfigured Traefik reverse proxy that forwards unauthenticated requests to `/actuator/*` endpoints. The `/actuator/*` endpoints expose sensitive memory and administrative functions. **Recommendations** Upgrade to the latest patched version from Versa Networks. Restrict access to the Traefik/admin interface. Block access to the `/actuator/*` endpoints externally. Deploy Web Application Firewall (WAF) rules. Review actuator access logs for unauthenticated GET requests. Rotate any exposed credentials. Isolate any compromised orchestrators.

**Name of the Vulnerable Software and Affected Versions** VMware Aria Operations for Networks (affected versions not specified) **Description** The issue is related to a local file read vulnerability in VMware Aria Operations for Networks. This vulnerability can be exploited by a malicious actor with admin privileges, potentially leading to unauthorized access to sensitive information. The vulnerability is associated with the use of files and directories accessible to external parties. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Aria Operations for Networks versions 6.0 through 6.10 **Description** The issue is related to an authentication bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI. This vulnerability allows attackers to bypass authentication and potentially gain remote code execution. **Recommendations** For versions 6.0 through 6.10, update to a patched version to mitigate the vulnerability. As a temporary workaround, consider restricting access to the Aria Operations for Networks CLI to minimize the risk of exploitation. Additionally, ensure that SSH keys are properly managed and unique to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine Applications Manager versions through 16340 **Description** A stored Cross site scripting (XSS) issue allows an unauthenticated user to inject malicious javascript on the incorrect login details page. This can be exploited by injecting malicious code into the `login` page, potentially affecting user sessions. **Recommendations** For versions through 16340, update to a version that includes a fix for this issue to prevent malicious javascript injection. As a temporary workaround, consider restricting access to the login page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Exchange Server (affected versions not specified) **Description** The issue is related to errors in the representation of information by the user interface, allowing a remote attacker to conduct spoofing attacks. This can affect the system, enabling attackers to exploit the vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Lucee Server versions prior to 5.3.7.47 Lucee Server versions prior to 5.3.6.68 Lucee Server versions prior to 5.3.5.96 Description: The issue is an unauthenticated remote code exploit in Lucee Admin. It affects Lucee Server, a dynamic, Java-based tag and scripting language used for rapid web application development. As a workaround, blocking access to the Lucee Administrator can mitigate the risk. Recommendations: For versions prior to 5.3.7.47, update to version 5.3.7.47 or later. For versions prior to 5.3.6.68, update to version 5.3.6.68 or later. For versions prior to 5.3.5.96, update to version 5.3.5.96 or later. As a temporary workaround, consider blocking access to the Lucee Administrator until a patch is applied.