Tim Kornhuber

**Name of the Vulnerable Software and Affected Versions** PaperCut Print Deploy (affected versions not specified) **Description** PaperCut Print Deploy, an optional component integrated with PaperCut NG/MF, is susceptible to man-in-the-middle attacks if not correctly configured with a trusted certificate. Insufficient documentation regarding SSL configuration may lead to misconfiguration of the client installation, potentially exposing communication between clients and the server. **Recommendations** Use valid certificates to secure installations. Follow the updated documentation to ensure correct SSL configuration. If using private CAs or self-signed certificates, ensure the Certification Authority certificate, or the self-signed certificate if using only one, is copied to the operating system's trust store and the Java key store.

**Name of the Vulnerable Software and Affected Versions** Mitel OpenScape 4000 versions V10 R1.54.1 and earlier Mitel OpenScape 4000 Manager versions V10 R1.54.1 and earlier Mitel OpenScape 4000 versions V11 through R0.22.1 Mitel OpenScape 4000 Manager versions V11 through R0.22.1 **Description** The issue allows an authenticated attacker to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges. **Recommendations** For Mitel OpenScape 4000 versions V10 R1.54.1 and earlier, update to a version later than V10 R1.54.1 to resolve the issue. For Mitel OpenScape 4000 Manager versions V10 R1.54.1 and earlier, update to a version later than V10 R1.54.1 to resolve the issue. For Mitel OpenScape 4000 versions V11 through R0.22.1, update to a version later than R0.22.1 to resolve the issue. For Mitel OpenScape 4000 Manager versions V11 through R0.22.1, update to a version later than R0.22.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mitel OpenScape 4000 and OpenScape 4000 Manager versions V11 R0.22.0 through V11 R0.22.1 Mitel OpenScape 4000 and OpenScape 4000 Manager versions V10 R1.54.0 through V10 R1.54.1 Mitel OpenScape 4000 and OpenScape 4000 Manager versions V10 R1.42.6 and earlier **Description** The Platform component could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands within the same privilege level as the web access process. **Recommendations** For versions V11 R0.22.0 through V11 R0.22.1, update to a version that addresses the command injection issue. For versions V10 R1.54.0 through V10 R1.54.1, update to a version that addresses the command injection issue. For versions V10 R1.42.6 and earlier, update to a version that addresses the command injection issue. As a temporary workaround, consider restricting access to the Platform component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** macOS Catalina versions prior to 10.15.7 **Description** A file access issue existed with certain home folder files, allowing a malicious application to potentially read sensitive location information. This issue was addressed with improved access restrictions. **Recommendations** For macOS Catalina versions prior to 10.15.7, update to macOS Catalina 10.15.7 to resolve the issue.