Eclipse · Eclipse Che · CVE-2021-41034
**Name of the Vulnerable Software and Affected Versions**
Eclipse Che version 6
**Description**
The build of several language stacks in Eclipse Che version 6 pulls binaries from an endpoint over plain HTTP. Nothing in that transfer authenticates the server or the payload, so an attacker positioned on the network path (man-in-the-middle, MITM) can replace the original binaries with arbitrary ones, and the resulting stack image ships with attacker-controlled code. The affected stacks are Java 8 (alpine and centos), Android, and PHP. The vulnerability is exploitable only while Che (the stack images) is being built, not at runtime of the built images.
**Recommendations**
For Eclipse Che version 6, avoid building the affected stacks (Java 8, Android, and PHP) until the build pulls its binaries over HTTPS. If you must build them, do so on a network path you control (no untrusted intermediaries between the build host and the download endpoint) and verify every downloaded binary against a known-good checksum before it is installed into the image; fail the build on any mismatch. As a temporary workaround, point the build at a secured (HTTPS) mirror of the same binaries. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
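The following shell snippet is an added example, not code from the Eclipse Che project or from the advisory. It shows the two checks a practitioner would apply to a stack build of this kind: a scanner that flags plaintext `http://` downloads in a Dockerfile (`curl`, `wget`, or `ADD`), and a `fetch_verified` helper that refuses non-HTTPS URLs and verifies the download against a pinned SHA-256 before it can reach the image. The Dockerfile lines and the `example.invalid` URLs in the usage are constructed placeholders, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not Eclipse Che project code): detect plaintext-HTTP
# downloads in a build file and fetch artifacts only over HTTPS with a
# pinned SHA-256, so a MITM on the download path cannot swap the binary.

# Return 0 if a build-file line downloads over plaintext HTTP.
# Matches curl/wget invocations and Dockerfile ADD with an http:// URL;
# https:// does not match because the pattern requires "http://".
is_plaintext_fetch() {
    printf '%s\n' "$1" | grep -Eq '(curl|wget|ADD)[^#]*[[:space:]"]http://'
}

# Print every plaintext-HTTP download line in a build file.
# Returns 1 if at least one such line was found, 0 otherwise.
scan_build_file() {
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        if is_plaintext_fetch "$line"; then
            printf 'plaintext download: %s\n' "$line"
            found=1
        fi
    done < "$1"
    return "$found"
}

# Hex SHA-256 of a file; uses sha256sum where available, else shasum.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only if the file's SHA-256 equals the expected (pinned) value.
verify_sha256() {
    actual=$(sha256_of "$1")
    [ "$actual" = "$2" ]
}

# fetch_verified URL EXPECTED_SHA256 OUTPUT_PATH
# Refuses any URL that is not https:// (exit 2), downloads with curl
# restricted to HTTPS and TLS 1.2+ (exit 3 on transfer failure), and
# deletes the file and returns 4 if the checksum does not match.
fetch_verified() {
    url=$1; expected=$2; out=$3
    case "$url" in
        https://*) ;;
        *) echo "refusing non-HTTPS URL: $url" >&2; return 2 ;;
    esac
    curl -fsSL --proto '=https' --tlsv1.2 -o "$out" "$url" || return 3
    if ! verify_sha256 "$out" "$expected"; then
        echo "checksum mismatch for $url" >&2
        rm -f "$out"
        return 4
    fi
}
```

Run `scan_build_file Dockerfile` over each stack's build file to find the fetches that must move to HTTPS, then replace those `curl`/`wget` lines with `fetch_verified "https://…" "<pinned sha256>" /tmp/artifact`. The checksum value should come from a trusted source (the upstream release signature or a hash recorded at the time the artifact was vetted), not from the same unauthenticated endpoint the binary is downloaded from.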