Sh7Err03

**Name of the Vulnerable Software and Affected Versions** nutzam NutzBoot versions up to 2.6.0-SNAPSHOT **Description** A security flaw exists in nutzam NutzBoot. The issue resides in an unknown function within the `EthModule.java` file of the Ethereum Wallet Handler component. Manipulation of this component can lead to information disclosure, and the attack can be initiated remotely. The exploit for this issue is publicly available. **Recommendations** Versions prior to 2.6.0-SNAPSHOT should be used.

**Name of the Vulnerable Software and Affected Versions** nutzam NutzBoot versions up to 2.6.0-SNAPSHOT **Description** A weakness exists in nutzam NutzBoot that could allow for deserialization. This issue affects the `getInputStream` function within the `HttpServletRpcEndpoint.java` file of the LiteRpc-Serializer component. The attack can be launched remotely and is characterized by high complexity, with difficult exploitability. The exploit has been publicly released. **Recommendations** Versions up to 2.6.0-SNAPSHOT should be updated.

**Name of the Vulnerable Software and Affected Versions** nutzam NutzBoot versions up to 2.6.0-SNAPSHOT **Description** A security issue exists in nutzam NutzBoot related to improper authorization within the Transaction API. The issue stems from manipulation of the `from`, `to`, and `wei` arguments in an unknown function within the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java. Remote exploitation is possible, and the exploit has been publicly disclosed. **Recommendations** Versions prior to 2.6.0-SNAPSHOT should be used.

**Name of the Vulnerable Software and Affected Versions** orionsec orion-ops versions up to 5925824997a3109651bbde07460958a7be249ed1 **Description** A flaw exists in orionsec orion-ops that leads to improper authorization. This issue is located within the `MachineKeyController` function in the `MachineKeyController.java` file of the API component. The issue can be exploited remotely. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** Versions up to 5925824997a3109651bbde07460958a7be249ed1 should be updated. As a temporary workaround, consider restricting access to the `MachineKeyController` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** orionsec orion-ops versions up to 5925824997a3109651bbde07460958a7be249ed1 **Description** A flaw exists in orionsec orion-ops. The issue is related to improper authorization caused by manipulation of the `ID` argument within the `update` function located in the `UserController.java` file of the User Profile Handler component. This manipulation can be carried out remotely. An exploit for this issue has been published. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** Versions up to 5925824997a3109651bbde07460958a7be249ed1 should be updated. As a temporary workaround, consider restricting access to the `update` function within the `UserController.java` file until a patch is available.