Ronnie Salomonsen

**Name of the Vulnerable Software and Affected Versions** Qlik QlikView versions prior to 12.60.20100.0 **Description** The issue allows the creation of a temporary file in a directory with insecure permissions. **Recommendations** For versions prior to 12.60.20100.0, update to version 12.60.20100.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Qlik NPrinting Designer versions prior to 21.14.4.0 **Description** The issue arises from Qlik NPrinting Designer creating a temporary file in a directory with insecure permissions. This could potentially allow unauthorized access or modification of sensitive data. **Recommendations** For versions prior to 21.14.4.0, update to version 21.14.4.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Avaya IP Office Admin Lite and USB Creator versions 11.1 Feature Pack 2 Service Pack 1 and earlier **Description** A privilege escalation issue was discovered that may allow a local user to escalate privileges. **Recommendations** For Avaya IP Office Admin Lite and USB Creator versions 11.1 Feature Pack 2 Service Pack 1 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Oracle Banking Trade Finance version 14.5 **Description** The issue exists due to insufficient input validation in the Infrastructure component of Oracle Banking Trade Finance, allowing a remote attacker to access, modify, add, or delete data via the HTTP protocol. Successful attacks require human interaction and can result in unauthorized access to critical data or all accessible data. **Recommendations** For version 14.5, consider restricting access to the Infrastructure component until a patch is available, and ensure that all interactions with the component are thoroughly validated to prevent unauthorized data access. As a temporary workaround, limit network access via HTTP to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Crystal Ball versions 11.1.2.0.000 through 11.1.2.4.900 **Description** The issue is related to insufficient input validation in the Installation component of Oracle Crystal Ball, allowing a low-privileged attacker with logon access to the infrastructure to compromise Oracle Crystal Ball. Successful attacks can result in the takeover of Oracle Crystal Ball and may significantly impact additional products. **Recommendations** For Oracle Crystal Ball versions 11.1.2.0.000 through 11.1.2.4.900, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BigFix Server API (affected versions not specified) **Description** A privilege escalation issue exists due to the use of an affected version of InstallShield. This could allow a local user to perform a privilege escalation. The issue was resolved by updating to an InstallShield version where the underlying issue is fixed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BigFix Client (affected versions not specified) **Description** A privilege escalation issue exists due to the use of a vulnerable version of InstallShield in the BigFix Client installer. This could allow a local user to perform a privilege escalation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Installer (MSI) built with InstallScript custom action (affected versions not specified) **Description** A vulnerability has been reported in the Windows Installer (MSI) built with InstallScript custom action, which may allow privilege escalation when the 'repair' of the MSI is invoked. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BigFix Console (affected versions not specified) **Description** The issue is related to a privilege escalation vulnerability in InstallShield, which is used to create the BigFix Console installer. This vulnerability could allow a local user to perform a privilege escalation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AppGuard Enterprise versions prior to 6.7.100.1 **Description** The issue allows local users to gain SYSTEM privileges because a repair operation relies on the %TEMP% directory of an unprivileged user. This is due to the creation of a temporary file in a directory with insecure permissions. **Recommendations** For versions prior to 6.7.100.1, update to version 6.7.100.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the %TEMP% directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Splashtop Remote Client (Personal Edition) versions 3.4.6.1 and earlier **Description** The issue is related to the creation of a temporary file in a directory with insecure permissions. **Recommendations** For versions 3.4.6.1 and earlier, update to a version later than 3.4.6.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Splashtop Streamer versions 3.4.8.3 and earlier **Description** The issue is related to the creation of a temporary file in a directory with insecure permissions. This could potentially lead to security issues, but specific details about exploitation or affected devices are not provided. **Recommendations** For versions 3.4.8.3 and earlier, update to a version later than 3.4.8.3 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Splashtop Remote Client (Business Edition) versions 3.4.8.3 and earlier **Description** The issue is related to the creation of a temporary file in a directory with insecure permissions. This could potentially lead to security issues, but specific details about exploitation or affected devices are not provided. **Recommendations** For versions 3.4.8.3 and earlier, update to a version later than 3.4.8.3 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Product (affected versions not specified) **Description** A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Check Point Remote Access Client (affected versions not specified) **Description** The issue allows regular users to initiate the installation repair of the Check Point Remote Access Client, potentially enabling an attacker to place a specially crafted EXE in the repair folder. This EXE would run with the privileges of the Check Point Remote Access Client. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Outlook for Mac (affected versions not specified) **Description** The issue is related to a security feature bypass in Microsoft Outlook for Mac, which can lead to information disclosure. An attacker could exploit this to gain access to confidential information remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Barracuda Network Access Client versions prior to 5.2.2 **Description** The issue arises when the Barracuda Network Access Client creates a temporary file in a directory with insecure permissions. This file is executed with SYSTEM privileges when an unprivileged user performs a repair operation, potentially leading to exploitation. **Recommendations** For versions prior to 5.2.2, update to version 5.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the directory where the temporary file is created to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BeyondTrust Privilege Management versions prior to 21.6 **Description** The issue arises from the creation of a temporary file in a directory with insecure permissions. This is a general information about the problem, but specific details such as the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited are not provided. **Recommendations** For versions prior to 21.6, update to version 21.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Check Point Harmony Browse and SandBlast Agent for Browsers versions prior to 90.08.7405 **Description** The issue arises because the MS Installer allows regular users to repair their installation. An attacker can exploit this by running an installer, starting the installation repair, and placing a specially crafted binary in the repair folder, which then runs with admin privileges. **Recommendations** For versions prior to 90.08.7405, update to version 90.08.7405 or later to resolve the issue. As a temporary workaround, consider restricting access to the installation repair feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Windows Installer (affected versions not specified) **Description** The issue is related to insufficient access restrictions in the Windows Installer component of the Microsoft Windows operating system. Exploitation of this issue may allow an attacker to bypass security restrictions and elevate their privileges. An elevation-of-privilege issue allows attackers to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.