Tobias Ospelt

**Name of the Vulnerable Software and Affected Versions** Wind River VxWorks versions 6.9 through 7 **Description** An issue was discovered in the `tarExtract` function, which implements TAR file extraction and processes files within an archive that have relative or absolute file paths. This could lead to unexpected and undocumented behavior, resulting in a directory traversal and associated unexpected behavior. A developer using the `tarExtract` function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. The vulnerability may allow a remote attacker to execute arbitrary commands by injecting a malicious tar file. **Recommendations** For Wind River VxWorks versions 6.9 through 7, consider disabling the `tarExtract` function until a patch is available to prevent potential directory traversal attacks. Restrict access to the `tarExtract` function to minimize the risk of exploitation. Avoid using the `tarExtract` function with untrusted tar files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Busybox version 1.33.2 **Description** An issue in the CPIO command of Busybox allows attackers to execute a directory traversal. **Recommendations** For Busybox version 1.33.2, consider disabling the CPIO command until a patch is available. Restrict access to the CPIO command to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Crealogix EBICS version 7.0 **Description** A vulnerability was found in the /ebics-server/ebics.aspx component of Crealogix EBICS, which can be exploited to conduct a cross-site scripting (XSS) attack. The attack may be launched remotely. The issue arises due to inadequate protection of the web page structure. **Recommendations** For Crealogix EBICS version 7.0, upgrade to version 7.1 to address this issue. As a temporary workaround, consider restricting access to the /ebics-server/ebics.aspx endpoint until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Telecommunication Software SAMwin Contact Center Suite version 5.1 **Description** A critical issue has been found in the software, affecting the `getCurrentDBVersion` function in the `SAMwinLIBVB.dll` library of the database handler. This leads to sql injection. The issue has been publicly disclosed and may be exploited. **Recommendations** For Telecommunication Software SAMwin Contact Center Suite version 5.1, upgrade to version 6.2 to address the issue. As a temporary workaround, consider restricting access to the `getCurrentDBVersion` function in the `SAMwinLIBVB.dll` library until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Telecommunication Software SAMwin Contact Center Suite version 5.1 **Description** A critical issue was found in the Password Handler component, specifically affecting the `passwordScramble` function in the `SAMwinLIBVB.dll` library. This is due to an incorrect implementation of a hashing function, leading to predictable authentication possibilities. **Recommendations** For Telecommunication Software SAMwin Contact Center Suite version 5.1, upgrade to version 6.2 to address the issue. It is recommended to upgrade the affected Password Handler component.

**Name of the Vulnerable Software and Affected Versions** Telecommunication Software SAMwin Contact Center Suite version 5.1 **Description** A critical issue affects the function `getCurrentDBVersion` in the library `SAMwinLIBVB.dll` of the credential handler, allowing authentication with hard-coded credentials. **Recommendations** For Telecommunication Software SAMwin Contact Center Suite version 5.1, upgrade to version 6.2 to address this issue.

**Name of the Vulnerable Software and Affected Versions** Combodo iTop versions prior to 2.5.4 Combodo iTop versions prior to 2.6.3 Combodo iTop versions prior to 2.7.0 **Description** A post-authentication privilege escalation issue in the web application of Combodo iTop allows regular authenticated users to access and modify information with administrative privileges. This occurs when the application fails to follow the HTTP Location header in server responses. **Recommendations** For versions prior to 2.5.4, update to version 2.5.4 or later. For versions prior to 2.6.3, update to version 2.6.3 or later. For versions prior to 2.7.0, update to version 2.7.0 or later.

**Name of the Vulnerable Software and Affected Versions** Java SE versions 6u201, 7u191, and 8u182 Java SE Embedded version 8u181 JRockit version R28.3.19 **Description** The issue is related to the Sound component of Oracle Java SE, Java SE Embedded, and JRockit, and is caused by inadequate access control. It allows an unauthenticated attacker with network access via multiple protocols to compromise the system, resulting in a partial denial of service (partial DOS). This vulnerability applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. It can also be exploited through APIs in the specified component. **Recommendations** For Java SE versions 6u201, 7u191, and 8u182, update to a version that contains a fix for this issue. For Java SE Embedded version 8u181, update to a version that contains a fix for this issue. For JRockit version R28.3.19, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the Sound component until a patch is available. Avoid using APIs in the Sound component that may be vulnerable to exploitation until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Java SE versions 8u182 and 11 Java SE Embedded version 8u181 JRockit version R28.3.19 **Description** The issue is related to insufficient access control in the Scripting component of Java SE, Java SE Embedded, and JRockit, allowing an unauthenticated attacker with network access via multiple protocols to compromise these systems. Successful attacks can result in the takeover of Java SE, Java SE Embedded, and JRockit. This vulnerability applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. It can also be exploited through APIs in the specified component. **Recommendations** For Java SE versions 8u182 and 11, update to a version that includes the fix for this issue. For Java SE Embedded version 8u181, update to a version that includes the fix for this issue. For JRockit version R28.3.19, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Scripting component until a patch is available. Avoid using APIs in the specified component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache Tika versions prior to 1.18 **Description** A carefully crafted file can trigger an infinite loop in Apache Tika's BPGParser. **Recommendations** For versions prior to 1.18, update to version 1.18 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Good for Enterprise application version 3.0.0.415 **Description** The issue concerns the lack of signature protection for the Authentication Delegation API intent in the Good for Enterprise application. Additionally, the Good Dynamic application activation process fails to detect malicious activation attempts involving modified names starting with a `com.good.gdgma` substring. This could allow an attacker to gain access to intranet data, but only if a malicious Android application has already been downloaded by the user. **Recommendations** For Good for Enterprise application version 3.0.0.415, consider restricting access to the Authentication Delegation API intent until a fix is available, and ensure that the Good Dynamic application activation process is modified to detect malicious activation attempts involving modified names starting with a `com.good.gdgma` substring.