Steven Seeley

**Name of the Vulnerable Software and Affected Versions** Apache Struts versions 2.0.0 through 2.5.32 Apache Struts versions 6.0.0 through 6.3.0.1 **Description** A critical vulnerability has been identified in Apache Struts, allowing attackers to manipulate file upload parameters and enable path traversal, potentially leading to remote code execution. This issue is related to the file upload component of Apache Struts, which contains a directory traversal vulnerability. The vulnerability can be exploited by manipulating the `uploadFileName` parameter, allowing attackers to upload malicious files to arbitrary locations on the server. **Recommendations** To resolve the issue, upgrade to Apache Struts version 2.5.33 or later, or version 6.3.0.2 or later. As a temporary workaround, consider restricting access to the file upload functionality to minimize the risk of exploitation. Additionally, restrict access to the vulnerable `uploadFileName` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Inductive Automation Ignition (affected versions not specified) **Description** The issue is related to the ParameterVersionJavaSerializationCodec class in Inductive Automation Ignition, which is associated with weaknesses in the authentication procedure. This allows a remote attacker to execute arbitrary code in the context of SYSTEM due to the lack of proper validation of user-supplied data, resulting in the deserialization of untrusted data. No authentication is required to exploit this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Inductive Automation Ignition (affected versions not specified) **Description** The issue is related to errors in data serialization within the JavaSerializationCodec class of Inductive Automation Ignition. This allows remote attackers to execute arbitrary code on affected installations without requiring authentication. The problem stems from the lack of proper validation of user-supplied data, leading to the deserialization of untrusted data. An attacker can leverage this to execute code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Keysight Geolocation Server versions 2.4.2 and prior **Description** A low privileged attacker could create a local ZIP file containing a malicious script in any location, which could be abused to load a DLL with SYSTEM privileges. The vulnerability is related to the use of dangerous methods or functions. **Recommendations** For Keysight Geolocation Server versions 2.4.2 and prior, consider restricting access to the ZIP file creation functionality to prevent exploitation until a patch is available. As a temporary workaround, avoid using the affected functionality that allows loading DLLs with SYSTEM privileges. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Keysight Geolocation Server versions 2.4.2 and prior **Description** The issue is related to improper path validation, which could allow an attacker to upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges. This could result in local privilege escalation or a denial-of-service condition. The vulnerability is associated with errors in processing relative paths to directories. **Recommendations** For Keysight Geolocation Server versions 2.4.2 and prior, consider restricting access to sensitive directories and files to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the affected server for critical operations that could be impacted by a denial-of-service condition. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SoftwareX (affected versions not specified) **Description** The issue is related to an improper validation of array index. This could allow an attacker to crash the server and remotely execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NETGEAR ProSAFE Network Management System (affected versions not specified) **Description** The issue is related to the ZipUtils class in the NETGEAR ProSAFE Network Management System, which is caused by improper restriction of a directory path with limited access. This allows a remote attacker to bypass security restrictions and execute arbitrary code. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The flaw exists due to the lack of proper validation of a user-supplied path prior to using it in file operations, allowing an attacker to execute code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NETGEAR ProSAFE Network Management System (affected versions not specified) **Description** The issue is related to an unrestricted file upload vulnerability in the UpLoadServlet class, which can be exploited by remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The flaw exists due to the lack of proper validation of user-supplied data, allowing the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NETGEAR ProSAFE Network Management System (affected versions not specified) **Description** This issue allows remote attackers to escalate privileges on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be bypassed. The specific flaw exists within the `clearAlertByIds` function, resulting from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this issue to escalate privileges to resources normally protected from the user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** NETGEAR ProSAFE Network Management System (affected versions not specified) **Description** This issue allows remote attackers to escalate privileges on affected installations. Although authentication is required to exploit this, the existing authentication mechanism can be bypassed. The specific flaw exists within the `createUser` function, resulting from the lack of authorization prior to allowing access to functionality. An attacker can leverage this to escalate privileges to resources normally protected from the user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NETGEAR ProSAFE Network Management System (affected versions not specified) **Description** This issue allows remote attackers to bypass authentication on affected installations of the NETGEAR ProSAFE Network Management System. The specific flaw exists within the MyHandlerInterceptor class, resulting from improper implementation of the authentication mechanism. An attacker can leverage this vulnerability to bypass authentication on the system, potentially impacting the confidentiality, integrity, and availability of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NETGEAR ProSAFE Network Management System versions (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be bypassed. The specific flaw exists within the `getNodesByTopologyMapSearch` function, resulting from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this issue to execute code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** NETGEAR ProSAFE Network Management System (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this issue, the existing authentication mechanism can be bypassed. The specific flaw exists within the BkreProcessThread class, resulting from an exposed dangerous function, which can be leveraged to execute code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** NETGEAR ProSAFE Network Management System (affected versions not specified) **Description** The issue is related to the lack of proper validation of user-supplied data in the MFileUploadController class, allowing the upload of arbitrary files. This can enable a remote attacker to execute arbitrary code on affected installations, even though authentication is typically required. The existing authentication mechanism can be bypassed, and an attacker can leverage this issue to execute code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NETGEAR ProSAFE Network Management System (affected versions not specified) **Description** The issue is related to the SettingConfigController class in the NETGEAR ProSAFE Network Management System, which lacks an authorization procedure. This allows a remote attacker to execute arbitrary code in the context of SYSTEM by leveraging an exposed dangerous function. Although authentication is typically required, the existing mechanism can be bypassed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Workspace ONE Access and Identity Manager (affected versions not specified) **Description** The issue is an authenticated remote code execution vulnerability. It has been evaluated to be in the Important severity range. The vulnerability can be triggered by an authenticated administrator. Past authentication bypass vulnerabilities have been published, which could potentially be used in conjunction with this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NETGEAR RAX30 (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations. The flaw exists within the configuration of the lighttpd HTTP server, resulting from allowing execution of files from untrusted sources. An attacker can leverage this to execute code in the context of root. Authentication is not required to exploit this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NETGEAR RAX30 (affected versions not specified) **Description** The issue is related to the handling of JSON data and results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. This can allow a remote attacker to execute arbitrary code in the context of root. Authentication is required to exploit this vulnerability. The specific flaw exists within the `rex cgi` JSON parsing functionality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000) **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the parsing of APP files due to the lack of proper validation of user-supplied data, resulting in deserialization of untrusted data. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000), as a temporary workaround, consider disabling the parsing of APP files until a patch is available. Restrict access to untrusted data to minimize the risk of exploitation. Avoid using user-supplied data in the affected parsing process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.