Stephen Yackey

**Name of the Vulnerable Software and Affected Versions** Talend Data Catalog versions prior to 8.0-20230413 **Description** The issue concerns the remote harvesting server, which contains a "/upgrade" endpoint that allows an unauthenticated WAR file to be deployed on the server. A mitigation measure is to place the remote harvesting server behind a firewall that only allows access to the Talend Data Catalog server. **Recommendations** For versions prior to 8.0-20230413, update to version 8.0-20230413 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/upgrade" endpoint until a patch is available. Place the remote harvesting server behind a firewall that only allows access to the Talend Data Catalog server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Talend Data Catalog versions prior to 8.0-20230110 **Description** The issue concerns XML External Entity (XXE) attacks. Specifically, the /MIMBWebServices/license endpoint of the remote harvesting server is affected. **Recommendations** For versions prior to 8.0-20230110, update to version 8.0-20230110 or later to resolve the issue. As a temporary workaround, consider restricting access to the "license" endpoint in the /MIMBWebServices path to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mesa Labs AmegaView versions 3.0 and prior **Description** The issue allows for command injection, which can be exploited to execute commands in the web server. **Recommendations** For Mesa Labs AmegaView versions 3.0 and prior, update to a version later than 3.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mesa Labs AmegaView versions 3.0 and prior **Description** The issue is related to insecure file permissions that could be exploited to escalate privileges on the device. **Recommendations** For Mesa Labs AmegaView versions 3.0 and prior, update to a version later than 3.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mesa Labs AmegaView version 3.0 **Description** The issue concerns the use of default cookies in the web application, which could be manipulated to bypass authentication. This may allow an attacker to gain unauthorized access to the application. **Recommendations** For Mesa Labs AmegaView version 3.0, consider changing the default cookies to unique, secure values to prevent authentication bypass. Additionally, review and strengthen the authentication mechanism to minimize the risk of unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Mesa Labs AmegaView versions 3.0 and prior **Description** The issue concerns the generation of the passcode by an easily reversible algorithm, which may allow an attacker to gain access to the device. **Recommendations** For Mesa Labs AmegaView versions 3.0 and prior, consider changing the passcode generation algorithm to a more secure one to prevent easy reversibility and potential unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mesa Labs AmegaView version 3.0 **Description** The issue allows an attacker to remotely execute arbitrary code due to a command injection. This may lead to unauthorized access and control of the system. **Recommendations** For Mesa Labs AmegaView version 3.0, update to a version that includes a fix for the command injection issue, as using the current version may pose a significant risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.