Sonny

**Name of the Vulnerable Software and Affected Versions** BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 **Description** BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 are affected by an authentication bypass. This is due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke restricted functionality and gain unauthorized access to application data and modify system resources. The vulnerability affects access to restricted functionality through API endpoints. **Recommendations** Apply hotfix 20.20.02. Apply hotfix 20.20.03.002. Apply hotfix 20.21.01.001. Apply hotfix 20.21.02.002. Apply hotfix 20.22.01. Apply hotfix 20.22.01.001. Apply hotfix 20.23.01. Apply hotfix 20.23.01.002. Apply hotfix 20.24.01.

**Name of the Vulnerable Software and Affected Versions** BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 **Description** An issue exists in the ASP.NET servlet's VIEWSTATE handling involving the deserialization of untrusted data. Authenticated attackers can supply crafted serialized objects to the `VIEWSTATE` parameter to achieve remote code execution and fully compromise the application. **Recommendations** Apply hotfix 20.20.02 for version 20.20.02. Apply hotfix 20.20.03.002 for version 20.20.03. Apply hotfix 20.21.01.001 for version 20.21.01. Apply hotfix 20.21.02.002 for version 20.21.02. Apply hotfix 20.22.01 for version 20.22.01. Apply hotfix 20.22.01.001 for version 20.22.01.001. Apply hotfix 20.23.01 for version 20.23.01. Apply hotfix 20.23.01.002 for version 20.23.01.002. Apply hotfix 20.24.01 for version 20.24.01.

**Name of the Vulnerable Software and Affected Versions** BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 **Description** BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the `externalfeed/RSS` API component. This allows authenticated attackers to trigger arbitrary outbound requests from the server. Insufficient validation of externally supplied resource references enables attackers to interact with internal services or cause resource exhaustion, potentially impacting availability. The vulnerable component is the `externalfeed/RSS` API. **Recommendations** Apply hotfix 20.20.02. Apply hotfix 20.20.03.002. Apply hotfix 20.21.01.001. Apply hotfix 20.21.02.002. Apply hotfix 20.22.01. Apply hotfix 20.22.01.001. Apply hotfix 20.23.01. Apply hotfix 20.23.01.002. Apply hotfix 20.24.01.

**Name of the Vulnerable Software and Affected Versions** BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 **Description** BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery issue in the `searchWeb` API component. Authenticated attackers can exploit improper URL validation to cause the server to initiate arbitrary outbound requests. This can allow attackers to perform internal network scanning or interact with internal services, potentially impacting system availability. **Recommendations** Apply hotfix 20.20.02. Apply hotfix 20.20.03.002. Apply hotfix 20.21.01.001. Apply hotfix 20.21.02.002. Apply hotfix 20.22.01. Apply hotfix 20.22.01.001. Apply hotfix 20.23.01. Apply hotfix 20.23.01.002. Apply hotfix 20.24.01.

**Name of the Vulnerable Software and Affected Versions** Customer Managed ShareFile Storage Zones Controller (SZC) (affected versions not specified) **Description** An issue exists in the Customer Managed ShareFile Storage Zones Controller (SZC) due to improper access control. This allows an unauthenticated attacker to access restricted configuration pages, which can lead to unauthorized changes in system configuration and potential remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Monsta FTP versions 2.11 and earlier Monsta FTP versions prior to 2.11.3 **Description** Monsta FTP versions 2.11 and earlier contain a critical vulnerability that allows unauthenticated arbitrary file uploads, leading to remote code execution. Attackers can exploit this flaw by uploading a specially crafted file from a malicious (S)FTP server, potentially gaining full control of affected servers. Over 5,000 instances of Monsta FTP were found to be vulnerable. The vulnerability is being actively exploited in the wild, with reports of attackers dropping webshells and compromising systems. The flaw resides in the `downloadFile` function and is triggered by crafted POST requests. The API endpoint used for exploitation is not explicitly mentioned. The vulnerability allows attackers to upload payloads and gain server-level code execution. **Recommendations** Update Monsta FTP to version 2.11.3 or later to patch the vulnerability. Restrict API access to trusted IPs. Implement network segmentation to isolate critical assets. Monitor for unusual outbound SFTP/SSH connections. Deploy Web Application Firewalls with input validation and directory traversal detection. Harden server configurations by limiting write permissions and running services with least privilege. Conduct regular vulnerability assessments and patch management.

Name of the Vulnerable Software and Affected Versions: Commvault versions prior to 11.36.60 Description: A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. Role-Based Access Control (RBAC) can limit exposure, but does not eliminate the risk. Recommendations: Update to version 11.36.60 or later.

**Name of the Vulnerable Software and Affected Versions** Commvault Command Center Innovation Release versions 11.38.0 through 11.38.19 **Description** A path traversal vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded by the target server, result in Remote Code Execution. This issue has been actively exploited, and it is recommended to patch immediately to prevent remote code execution. The vulnerability affects Commvault Command Center versions 11.38.0 to 11.38.19. Federal agencies have been directed to apply fixes by May 23, 2025. **Recommendations** For Commvault Command Center Innovation Release versions 11.38.0 through 11.38.19, update to version 11.38.20 or 11.38.25 to resolve the vulnerability. As a temporary workaround, consider restricting access to the vulnerable endpoint until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** NAKIVO Backup & Replication (affected versions not specified) **Description** The issue concerns an arbitrary file read vulnerability in NAKIVO Backup & Replication. Over 4,100 services have been found to be vulnerable. Approximately 208 vulnerable instances were detected as of February 26, 2025, and over 3,100 exposed targets have been identified. The vulnerability allows hackers to access sensitive data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PAN-OS (affected versions not specified) **Description** An unauthenticated file deletion issue in the management web interface of PAN-OS allows an attacker with network access to delete certain files, including limited logs and configuration files, but not system files, as the "nobody" user. The risk can be greatly reduced by restricting access to the management web interface to only trusted internal IP addresses. This issue does not affect Cloud NGFW or Prisma Access software. **Recommendations** Restrict access to the management web interface to only trusted internal IP addresses according to recommended best practices deployment guidelines. As a temporary workaround, consider restricting access to the management web interface until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Hospitality OPERA 5 versions 5.6.19.20 through 5.6.27.1 **Description** This issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks can result in unauthorized access to critical data or complete access to all accessible data and the ability to cause a hang or frequently repeatable crash of Oracle Hospitality OPERA 5. **Recommendations** For versions 5.6.19.20, 5.6.25.8, 5.6.26.6, and 5.6.27.1, consider restricting access to the Opera Servlet component to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling access to the HTTP endpoint to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks PAN-OS versions prior to 10.2.12 Palo Alto Networks PAN-OS versions prior to 11.0.6 Palo Alto Networks PAN-OS versions prior to 11.1.5 Palo Alto Networks PAN-OS versions prior to 11.2.4 **Description** An authentication bypass in the PAN-OS management web interface enables an unauthenticated attacker with network access to gain PAN-OS administrator privileges. This allows attackers to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities. The issue has been exploited in real-world scenarios, with over 2,000 Palo Alto firewalls reportedly hacked. To exploit this issue, attackers can supply a specific value to the `X-PAN-AUTHCHECK` HTTP request header, which allows them to bypass authentication. **Recommendations** Palo Alto Networks PAN-OS versions prior to 10.2.12: Upgrade to version 10.2.12 or later. Palo Alto Networks PAN-OS versions prior to 11.0.6: Upgrade to version 11.0.6 or later. Palo Alto Networks PAN-OS versions prior to 11.1.5: Upgrade to version 11.1.5 or later, or consider 11.1.4-h7 as an alternative. Palo Alto Networks PAN-OS versions prior to 11.2.4: Upgrade to version 11.2.4 or later. As a temporary workaround, consider restricting access to the management web interface to only trusted internal IP addresses.

**Name of the Vulnerable Software and Affected Versions** IBM Operational Decision Manager versions 8.10.3 through 8.12.0.1 **Description** The issue is related to a remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. This could allow a remote attacker to conduct an LDAP injection by sending a request with a specially crafted argument. **Recommendations** For IBM Operational Decision Manager versions 8.10.3 through 8.12.0.1, consider disabling the API that accepts unchecked arguments until a patch is available. Restrict access to the vulnerable API to minimize the risk of exploitation. Avoid using unchecked arguments in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sangfor Next-Gen Application Firewall version NGAF8.0.17 **Description** The issue is related to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the "svpn html/loadfile.php" endpoint. This can be exploited by a remote and unauthenticated attacker under certain conditions. The vulnerability is associated with a lack of protection for service data, which can allow a remote attacker to disclose protected information. **Recommendations** For Sangfor Next-Gen Application Firewall version NGAF8.0.17, consider restricting access to the "svpn html/loadfile.php" endpoint to minimize the risk of exploitation. As a temporary workaround, consider disabling the use of this endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sangfor Next-Gen Application Firewall version NGAF8.0.17 **Description** The issue is related to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the "/LogInOut.php" endpoint. This vulnerability is due to the mishandling of shell meta-characters in the `un` parameter. **Recommendations** For Sangfor Next-Gen Application Firewall version NGAF8.0.17, as a temporary workaround, consider restricting access to the "/LogInOut.php" endpoint until a patch is available. Additionally, avoid using the `un` parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sangfor Next-Gen Application Firewall version NGAF8.0.17 **Description** The issue allows a remote and unauthenticated attacker to bypass authentication and access administrative functionality. This is achieved by sending HTTP requests with a crafted `Y-forwarded-for` header. The vulnerability is related to an authentication bypass, which can be exploited using specially formed HTTP requests. **Recommendations** For Sangfor Next-Gen Application Firewall version NGAF8.0.17, consider restricting access to administrative functionality until a patch is available. As a temporary workaround, avoid using the `Y-forwarded-for` header in HTTP requests to minimize the risk of exploitation.