Sho Odagiri

**Name of the Vulnerable Software and Affected Versions** Apache Answer versions prior to 2.0.1 **Description** Improper Restriction of Security Token Assignment occurs when administrative tokens are not invalidated after an administrator account is suspended, deleted, or deactivated. This allows continued access to administrative APIs until the token expires. **Recommendations** Upgrade to version 2.0.1.

**Name of the Vulnerable Software and Affected Versions** Apache Answer versions prior to 2.0.1 **Description** Improper Neutralization of Alternate XSS Syntax occurs when AI-generated response content is rendered in the browser without proper sanitization. This allows malicious scripts to be executed when the content is viewed. Cross-Site Scripting (XSS) is a flaw where an attacker injects malicious scripts into content delivered to other users. **Recommendations** Upgrade to version 2.0.1.

**Name of the Vulnerable Software and Affected Versions** Apache Answer versions prior to 2.0.1 **Description** Timeline-related APIs lack proper authorization checks, which allows authenticated users to access content that is private, deleted, or unapproved, as well as its associated revision history. This leads to the exposure of private personal information to unauthorized actors. **Recommendations** Upgrade to version 2.0.1.

**Name of the Vulnerable Software and Affected Versions** Apache OFBiz versions prior to 24.09.06 **Description** Improper Authentication issue in Apache OFBiz where cookie manipulation allows authenticated JWT (JSON Web Token) forgery and account impersonation. **Recommendations** Upgrade to version 24.09.06.

**Name of the Vulnerable Software and Affected Versions** Apache OFBiz versions prior to 24.09.06 **Description** Improper Neutralization of Input During Web Page Generation leads to a Reflected Cross-site Scripting (XSS) issue. This occurs due to improper HTML attribute escaping within Layered-Modal Dialog parameters. **Recommendations** Upgrade to version 24.09.06.

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with dataTemplateTypeId = "FTL" are no longer supported. Additionally, in the updated version, the "Ecommerce Customer" security group no longer includes content management grants. Users are advised to remove these permissions from any production site as well.

**Name of the Vulnerable Software and Affected Versions** Apache OFBiz versions prior to 24.09.06 **Description** Server-Side Request Forgery (SSRF) in the Content component operations. SSRF is a flaw that allows an attacker to induce the server-side application to make requests to an unintended location. **Recommendations** Upgrade to version 24.09.06.

**Name of the Vulnerable Software and Affected Versions** Apache OFBiz versions prior to 24.09.06 **Description** Improper Input Validation in Apache OFBiz allows for JSON Attribute Override and URL Allowlist Bypass, which can lead to Remote Code Execution. **Recommendations** Upgrade to version 24.09.06.

**Name of the Vulnerable Software and Affected Versions** Apache OFBiz versions prior to 24.09.06 **Description** Apache OFBiz contains issues involving improper neutralization of input during web page generation, improper limitation of a pathname to a restricted directory, and improper control of generation of code. These flaws allow for Cross-site Scripting (XSS), Path Traversal, and Code Injection, specifically within the Catalog Manager, which can lead to arbitrary file write, stored XSS, and Remote Code Execution (RCE). **Recommendations** Upgrade to version 24.09.06.

**Name of the Vulnerable Software and Affected Versions** Apache OFBiz versions prior to 24.09.06 **Description** Improper Neutralization of Special Elements used in an Expression Language Statement, also known as Expression Language Injection, exists in Apache OFBiz. This issue involves a FreeMarker Server-Side Template Injection (SSTI), which is a vulnerability where an attacker can inject malicious code into a template that is then executed on the server, potentially leading to unauthorized command execution. **Recommendations** Upgrade to version 24.09.06.

**Name of the Vulnerable Software and Affected Versions** Musetheque V4 (affected versions not specified) IPKNOWLEDGE V4L1 versions prior to rev2203.1 **Description** A cross-site scripting issue exists where the administration page does not properly sanitize file information. If a file containing malicious content is uploaded, an arbitrary script may be executed in the web browser of a user viewing the file information page. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IPKNOWLEDGE V4L1 versions prior to rev2203.0 **Description** A cross-site request forgery (CSRF) issue exists in Musetheque V4 Information Disclosure. This occurs when a logged-in user visits a malicious page, which can lead to the execution of unexpected operations. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Apache Cassandra versions 5.0 through 5.0.6 Description A privilege escalation issue exists in Apache Cassandra 5.0 when using MutualTlsAuthenticator in an mTLS environment. A user with only CREATE permission can associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via the ADD IDENTITY function. Recommendations Upgrade to version 5.0.7 or later.

**Name of the Vulnerable Software and Affected Versions** GROWI versions prior to 7.4.5 **Description** The GROWI OpenAI thread/message API endpoints do not perform proper authorization checks. A logged-in user who has access to a shared AI assistant's identifier can potentially view and modify other users' threads and messages. The affected API endpoints allow unauthorized access to sensitive data and potential tampering with user communications. **Recommendations** Versions prior to 7.4.5 should be updated.

**Name of the Vulnerable Software and Affected Versions** Metabase versions prior to 0.57.13 Metabase versions 0.58.x through 0.58.6 **Description** Metabase is a data analytics platform where authenticated users could retrieve sensitive information, including database access credentials. A low-privileged user can extract sensitive information, such as database credentials, and include it in the email body through template evaluation. The issue involves access to vulnerable endpoints. **Recommendations** Disable notifications in your Metabase instance to disallow access to the vulnerable endpoints. Update to version 0.57.13 or later. Update to version 0.58.7 or later.

**Name of the Vulnerable Software and Affected Versions** Apache Answer versions through 1.7.1 github.com/apache/answer versions prior to 2.0.0 **Description** An issue exists in Apache Answer where an unauthenticated API endpoint incorrectly exposes the full revision history of deleted content. This allows an unauthorized user to retrieve restricted or sensitive information. Approximately 8.5K services are estimated to be affected worldwide. The vulnerable endpoint allows access to data that should be restricted. **Recommendations** Upgrade to version 2.0.0 to resolve the issue for Apache Answer versions through 1.7.1. Upgrade to version 2.0.0 to resolve the issue for github.com/apache/answer versions prior to 2.0.0.

**Name of the Vulnerable Software and Affected Versions** Eclipse Vert.x versions 4.0.0 through 4.5.21 Eclipse Vert.x versions 5.0.0 through 5.0.4 **Description** When directory listing is enabled, file and directory names are inserted into generated HTML without proper escaping in the `href`, `title`, and `link` attributes. An attacker who can create or rename files or directories within a served path can craft filenames containing malicious script or HTML content, leading to stored cross-site scripting (XSS) that executes in the context of users viewing the affected directory listing. **Recommendations** Update Eclipse Vert.x to a version later than 4.5.21. Update Eclipse Vert.x to a version later than 5.0.4.

**Name of the Vulnerable Software and Affected Versions** Eclipse Vert.x versions 4.0.0 through 4.5.21 Eclipse Vert.x versions 5.0.0 through 5.0.4 **Description** A configuration issue in StaticHandler within Eclipse Vert.x allows unauthorized access to hidden directories. Specifically, the intended restriction of access to hidden files does not extend to hidden directories, potentially exposing files within them, such as '.git/config'. **Recommendations** Update Eclipse Vert.x to a version beyond 5.0.4. Update Eclipse Vert.x to a version beyond 4.5.21.

**Name of the Vulnerable Software and Affected Versions** GROWI versions prior to v6.0.0 **Description** A stored cross-site scripting issue exists in the event handlers of the `pre` tags. If exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. **Recommendations** For GROWI versions prior to v6.0.0, update to version v6.0.0 or later to resolve the issue. As a temporary workaround, consider disabling the event handlers of the `pre` tags until a patch is available. Restrict access to the `pre` tags to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: baserCMS versions prior to 4.4.5 Description: The issue allows a remote attacker with administrative privileges to execute arbitrary OS commands. This can be achieved via unspecified vectors or the upload of malicious plugins. Recommendations: For baserCMS versions prior to 4.4.5, update to version 4.4.5 or later to resolve the issue. As a temporary workaround, consider restricting the upload of plugins and limiting administrative access to trusted users until the update can be applied.