Sharad Kumar Dahal

Researcher from Green Tick Nepal Pvt. Ltd
#13632 of 53,633
19.6 Total CVSS
Vulnerabilities · 2
Critical: 2
PT-2024-32282
9.8
2024-09-15
Misp · Misp · CVE-2024-46918
**Name of the Vulnerable Software and Affected Versions** MISP versions prior to 2.4.198

**Description** The issue concerns a flaw in the `app/Controller/UserLoginProfilesController.php` file, which allows an org admin to view sensitive login fields of another org admin within the same organization.

**Recommendations** For MISP versions prior to 2.4.198, upgrade to a version that is 2.4.198 or later to mitigate the issue. As a temporary workaround, consider restricting access to the `UserLoginProfilesController.php` file until the upgrade is applied.

PT-2024-31669
9.8
2024-09-01
Misp · Misp · CVE-2024-45509
**Name of the Vulnerable Software and Affected Versions** MISP versions 2.4.196 and earlier

**Description** The issue concerns improper access restriction to bookmarks data in MISP when the user is not an org admin, specifically within the `app/Controller/BookmarksController.php` file.

**Recommendations** For MISP versions 2.4.196 and earlier, ensure you are using the latest version to mitigate vulnerabilities. As a temporary workaround, consider restricting access to the `BookmarksController.php` file until a patch is available. Restrict access to bookmarks data for non-admin users to minimize the risk of exploitation.