Shota Horiguchi

**Name of the Vulnerable Software and Affected Versions** Quick Agent V3 (affected versions not specified) Quick Agent V2 (affected versions not specified) **Description** The issue is related to improper limitation of a pathname to a restricted directory, commonly known as a 'Path Traversal' vulnerability. This vulnerability allows attackers to bypass directory restrictions, potentially leading to arbitrary code execution. If exploited, arbitrary code may be executed by a remote unauthenticated attacker with the Windows system privilege where the product is running. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Quick Agent V3 and Quick Agent V2 (affected versions not specified) **Description** The issue involves an improper limitation of a pathname to a restricted directory, commonly referred to as a Path Traversal issue. If exploited, an arbitrary file in the affected product may be obtained by a remote attacker who can log in to the product. This could allow an attacker to access arbitrary files on the system, potentially leading to unauthorized data access, modification, or even execution of malicious code. **Recommendations** For Quick Agent V3 and Quick Agent V2, validate and sanitize any user input that could be used to manipulate file paths to prevent exploitation of the Path Traversal issue. As a temporary workaround, consider restricting access to sensitive files and directories until a proper fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Quick Agent V3 and Quick Agent V2 (affected versions not specified) **Description** The issue is related to improper restriction of communication channels to intended endpoints. This could allow a remote unauthenticated attacker to attempt to log in to an arbitrary host via a Windows system where the product is running. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.