Sebastian Perez

**Name of the Vulnerable Software and Affected Versions** Bamboo versions prior to 6.1.6 Bamboo versions 6.2.0 through 6.2.4 **Description** The issue allows for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags. An attacker with restricted administration rights to Bamboo, or who hosts a website visited by a Bamboo administrator, can exploit this to execute Java code of their choice on systems running a vulnerable version of Bamboo. **Recommendations** For Bamboo versions prior to 6.1.6, update to version 6.1.6 or later. For Bamboo versions 6.2.0 through 6.2.4, update to version 6.2.5 or later.

**Name of the Vulnerable Software and Affected Versions** Plone CMS versions 3.3.x through 3.3.6 Plone CMS versions 4.x through 4.3.11 Plone CMS versions 5.x through 5.0.6 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For Plone CMS versions 3.3.x through 3.3.6, update to a version later than 3.3.6 to resolve the issue. For Plone CMS versions 4.x through 4.3.11, update to a version later than 4.3.11 to resolve the issue. For Plone CMS versions 5.x through 5.0.6, update to a version later than 5.0.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Plone CMS versions 3.3.x through 3.3.6 Plone CMS versions 4.x through 4.3.11 Plone CMS versions 5.x through 5.0.6 **Description** The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. This can be achieved via a URL in the `referer` parameter to specific endpoints, such as `%2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions` or `folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions`, or the `came from` parameter to the `/login form` endpoint. **Recommendations** For Plone CMS versions 3.3.x through 3.3.6, update to a version outside of this range to mitigate the risk. For Plone CMS versions 4.x through 4.3.11, update to a version outside of this range to mitigate the risk. For Plone CMS versions 5.x through 5.0.6, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the vulnerable endpoints, such as `%2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions` and `folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions`, and avoid using the `came from` parameter in the `/login form` endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Plone CMS versions 3.3.x through 3.3.6 Plone CMS versions 4.x through 4.3.11 Plone CMS versions 5.x through 5.0.6 **Description** The issue is related to a cross-site scripting (XSS) vulnerability in the URL checking infrastructure. This allows remote attackers to inject arbitrary web script or HTML via a crafted URL. **Recommendations** For Plone CMS versions 3.3.x through 3.3.6, update to a version later than 3.3.6 to resolve the issue. For Plone CMS versions 4.x through 4.3.11, update to a version later than 4.3.11 to resolve the issue. For Plone CMS versions 5.x through 5.0.6, update to a version later than 5.0.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Plone CMS versions 3.3.x through 3.3.6 Plone CMS versions 4.x through 4.3.11 Plone CMS versions 5.x through 5.0.6 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This allows remote attackers to inject arbitrary web script or HTML. The estimated number of potentially affected devices and details about real-world incidents are not specified. **Recommendations** For Plone CMS versions 3.3.x through 3.3.6, update to a version later than 3.3.6 to resolve the issue. For Plone CMS versions 4.x through 4.3.11, update to a version later than 4.3.11 to resolve the issue. For Plone CMS versions 5.x through 5.0.6, update to a version later than 5.0.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Plone CMS versions 4.2.x through 4.3.11 Plone CMS versions 5.x through 5.0.6 **Description** The issue allows remote administrators to read arbitrary files via a .. (dot dot) in the `path` parameter in a `getFile` action to the `Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions` endpoint. **Recommendations** For Plone CMS versions 4.2.x through 4.3.11, update to a version outside of this range to resolve the issue. For Plone CMS versions 5.x through 5.0.6, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the `Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions` endpoint to minimize the risk of exploitation. Avoid using the `path` parameter in the affected `getFile` action until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Plone CMS versions 4.x through 4.3.11 Plone CMS versions 5.x through 5.0.6 **Description** The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request. **Recommendations** For Plone CMS versions 4.x through 4.3.11, update to a version later than 4.3.11 to resolve the issue. For Plone CMS versions 5.x through 5.0.6, update to a version later than 5.0.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Atlassian Confluence versions prior to 5.8.17 **Description** The issue allows remote authenticated users to read configuration files. This can be achieved by manipulating the `decoratorName` parameter in specific API endpoints, such as "/spaces/viewdefaultdecorator.action" or "/admin/viewdefaultdecorator.action". **Recommendations** For versions prior to 5.8.17, update to version 5.8.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the `decoratorName` parameter in the affected API endpoints until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Atlassian Confluence versions prior to 5.8.17 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the PATH INFO to the "rest/prototype/1/session/check" API endpoint. **Recommendations** For versions prior to 5.8.17, update to version 5.8.17 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Axway SecureTransport versions 5.1 SP2 and earlier **Description** The issue allows remote authenticated users to perform various unauthorized actions, including reading, deleting, or creating files, as well as listing directories. This is achieved by using a ..%5C (encoded dot dot backslash) in a URI, which enables directory traversal. **Recommendations** For Axway SecureTransport versions 5.1 SP2 and earlier, update to a version later than 5.1 SP2 to resolve the issue.