Shadi Habbal

Researcher fromTÜV Rheinland i-sec GmbH
#5737of 53,633
46.9Total CVSS
Vulnerabilities · 6
Medium
1
High
4
Critical
1
PT-2023-16862
9.8
2023-03-09
Dsm · Enovia Live Collaboration · CVE-2023-1287
**Name of the Vulnerable Software and Affected Versions** ENOVIA Live Collaboration version V6R2013xE **Description** An XSL template vulnerability in the software allows Remote Code Execution. **Recommendations** For ENOVIA Live Collaboration version V6R2013xE, update to a version that fixes the XSL template vulnerability to prevent Remote Code Execution.
PT-2023-16863
7.5
2023-03-09
Dsm · Enovia Live Collaboration · CVE-2023-1288
**Name of the Vulnerable Software and Affected Versions** ENOVIA Live Collaboration version V6R2013xE **Description** An XML External Entity injection (XXE) vulnerability allows an attacker to read local files on the server, which can also lead to Remote File inclusions. **Recommendations** For ENOVIA Live Collaboration version V6R2013xE, consider disabling XML External Entity processing to prevent XXE attacks until a patch is available. Restrict access to sensitive files on the server to minimize the risk of exploitation.
PT-2022-11224
7.8
2022-03-07
Otris · Otris Update Manager · CVE-2021-40376
**Name of the Vulnerable Software and Affected Versions** otris Update Manager version 1.2.1.0 **Description** The issue allows local users to gain SYSTEM access through unauthenticated calls to exposed interfaces over a .NET named pipe. It is also possible that a remote attack could be conducted by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000. **Recommendations** For otris Update Manager version 1.2.1.0, consider restricting access to the exposed interfaces over the .NET named pipe and limiting HTTP traffic on TCP port 9000 to prevent potential exploitation. As a temporary workaround, restrict access to the WsHTTPBinding interface until a patch is available.
PT-2021-14022
7.8
2021-04-26
Ibm · Ibm Spectrum Protect Client · CVE-2021-20532
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect Client versions 8.1.0.0 through 8.1.11.0 Description: The issue allows a local user to escalate their privileges to take full control of the system due to insecure directory permissions. Recommendations: For versions 8.1.0.0 through 8.1.11.0, update to a version that addresses the insecure directory permissions issue to prevent privilege escalation.
PT-2019-15545
7.5
2019-10-30
Moolticute · Moolticute · CVE-2019-18635
**Name of the Vulnerable Software and Affected Versions** Moolticute versions prior to v0.42.2 **Description** A NULL pointer dereference issue was discovered in the MPDevice win.cpp file. **Recommendations** For versions prior to v0.42.2, update to version v0.42.2 or later to resolve the issue.
PT-2019-13059
6.5
2019-10-22
Moolticute · Moolticute · CVE-2019-12967
**Name of the Vulnerable Software and Affected Versions** Moolticute versions through 0.42.1 **Description** The issue is related to Incorrect Access Control, which may allow unauthorized access to certain resources or functions. **Recommendations** For versions through 0.42.1, update to a version that addresses the Incorrect Access Control issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.