Thai Nguyen

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADManager Plus versions prior to 7110 Description: The issue is related to a Post-Auth OS command injection. This means that after authentication, an attacker could potentially inject commands to the operating system, which could lead to unauthorized access or control. Recommendations: For Zoho ManageEngine ADManager Plus versions prior to 7110, update to a version later than 7110 to resolve the issue. As a temporary workaround, consider restricting access to the administrative interface to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Oracle Applications Manager versions 12.1.3 and 12.2.3 through 12.2.10 Description: The issue is related to insufficient input validation in the SQL Extensions component of Oracle Applications Manager in Oracle E-Business Suite. This can be exploited by a remote attacker to gain unauthorized access to protected information via the HTTP protocol. Successful attacks may result in unauthorized read access to a subset of Oracle Applications Manager accessible data. Recommendations: For versions 12.1.3, update to a version that includes the fix for this issue. For versions 12.2.3 through 12.2.10, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the SQL Extensions component until a patch is available.