Raschin Tavakoli

**Name of the Vulnerable Software and Affected Versions** SAP S/4HANA versions prior to the fixed version DMIS Mobile Plug-In versions 2011 1 620 through 2011 1 752, 2020 SAPSCORE version 125 S4CORE versions 102 through 105 **Description** The issue is related to the lack of protection for the SQL query structure, allowing a remote attacker to execute arbitrary SQL queries. This can lead to a SQL Injection vulnerability, highly impacting systems' Confidentiality, Integrity, and Availability. An attacker with access to a highly privileged account can execute a manipulated query in the NDZT tool to gain access to the Superuser account. **Recommendations** For SAP S/4HANA, update to a version that includes the fix for this issue. For DMIS Mobile Plug-In versions 2011 1 620 through 2011 1 752, 2020, update to a version that includes the fix for this issue. For SAPSCORE version 125, update to a version that includes the fix for this issue. For S4CORE versions 102 through 105, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the NDZT tool to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Koha versions 3.14.x through 3.14.15 Koha versions 3.16.x through 3.16.11 Koha versions 3.18.x through 3.18.07 Koha versions 3.20.x through 3.20.0 **Description** The issue allows remote attackers to hijack the authentication of administrators for requests that create a user via a request to "members/memberentry.pl" or give a user superlibrarian permission via a request to "members/member-flags.pl". Additionally, it allows the hijacking of the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) attacks via the `addshelf` parameter to "opac-shelves.pl". **Recommendations** For Koha versions 3.14.x through 3.14.15, update to version 3.14.16 or later. For Koha versions 3.16.x through 3.16.11, update to version 3.16.12 or later. For Koha versions 3.18.x through 3.18.07, update to version 3.18.08 or later. For Koha versions 3.20.x through 3.20.0, update to version 3.20.1 or later.

**Name of the Vulnerable Software and Affected Versions** Koha versions 3.14.x through 3.14.15 Koha versions 3.16.x through 3.16.11 Koha versions 3.18.x through 3.18.07 Koha versions 3.20.x through 3.20.0 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via various parameters, including `tag` to "opac-search.pl", `value` to "authorities/authorities-home.pl", `delay` to "acqui/lateorders.pl", `authtypecode` or `tagfield` to "admin/auth subfields structure.pl", `tagfield` to "admin/marc subfields structure.pl", `limit` to "catalogue/search.pl", and multiple parameters to "serials/serials-search.pl" and "suggestion/suggestion.pl". **Recommendations** For Koha versions 3.14.x through 3.14.15, update to version 3.14.16 or later. For Koha versions 3.16.x through 3.16.11, update to version 3.16.12 or later. For Koha versions 3.18.x through 3.18.07, update to version 3.18.08 or later. For Koha versions 3.20.x through 3.20.0, update to version 3.20.1 or later.

**Name of the Vulnerable Software and Affected Versions** Koha versions 3.14.x through 3.14.15 Koha versions 3.16.x through 3.16.11 Koha versions 3.18.x through 3.18.07 Koha versions 3.20.x through 3.20.0 **Description** The issue allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the `template path` parameter to "svc/virtualshelves/search" or "svc/members/search" API endpoints. **Recommendations** For Koha versions 3.14.x through 3.14.15, update to version 3.14.16 or later. For Koha versions 3.16.x through 3.16.11, update to version 3.16.12 or later. For Koha versions 3.18.x through 3.18.07, update to version 3.18.08 or later. For Koha versions 3.20.x through 3.20.0, update to version 3.20.1 or later.

**Name of the Vulnerable Software and Affected Versions** Koha versions 3.14.x through 3.14.15 Koha versions 3.16.x through 3.16.11 Koha versions 3.18.x through 3.18.07 Koha versions 3.20.x through 3.20.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `number` parameter to "opac-tags subject.pl" in the OPAC interface. Additionally, remote authenticated users can execute arbitrary SQL commands via the `Filter` or `Criteria` parameter to "reports/borrowers out.pl" in the Staff interface. **Recommendations** For Koha versions 3.14.x through 3.14.15, update to version 3.14.16 or later. For Koha versions 3.16.x through 3.16.11, update to version 3.16.12 or later. For Koha versions 3.18.x through 3.18.07, update to version 3.18.08 or later. For Koha versions 3.20.x through 3.20.0, update to version 3.20.1 or later.

**Name of the Vulnerable Software and Affected Versions** Koha versions 3.14.x through 3.14.15 Koha versions 3.16.x through 3.16.11 Koha versions 3.20.x through 3.20.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted list name. This is a type of security issue where an attacker can inject malicious code into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For Koha versions 3.14.x through 3.14.15, update to version 3.14.16 or later. For Koha versions 3.16.x through 3.16.11, update to version 3.16.12 or later. For Koha versions 3.20.x through 3.20.0, update to version 3.20.1 or later.