Tudor Enache

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 117.0.5938.62 **Description** The issue is related to insufficient policy enforcement in the Downloads component of Google Chrome, allowing a remote attacker to bypass Enterprise policy restrictions. This can be achieved via a crafted download. **Recommendations** For versions prior to 117.0.5938.62, update to version 117.0.5938.62 or later to resolve the issue. As a temporary workaround, consider restricting access to the Downloads component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Scanner (affected versions not specified) **Description** An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EMC Documentum Webtop versions prior to 6.7 SP2 P07 EMC Documentum WDK versions prior to 6.7 SP2 P07 EMC Documentum Taskspace versions prior to 6.7 SP2 P07 EMC Documentum Records Manager versions prior to 6.7 SP2 P07 EMC Documentum Web Publisher versions prior to 6.5 SP7 EMC Documentum Digital Asset Manager versions prior to 6.5 SP6 EMC Documentum Administrator versions prior to 6.7 SP2 P07 EMC Documentum Capital Projects versions prior to 1.8 P01 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL. This can be exploited by sending a malicious URL with a crafted parameter to inject web script or HTML. **Recommendations** For EMC Documentum Webtop versions prior to 6.7 SP2 P07, update to version 6.7 SP2 P07 or later. For EMC Documentum WDK versions prior to 6.7 SP2 P07, update to version 6.7 SP2 P07 or later. For EMC Documentum Taskspace versions prior to 6.7 SP2 P07, update to version 6.7 SP2 P07 or later. For EMC Documentum Records Manager versions prior to 6.7 SP2 P07, update to version 6.7 SP2 P07 or later. For EMC Documentum Web Publisher versions prior to 6.5 SP7, update to version 6.5 SP7 or later. For EMC Documentum Digital Asset Manager versions prior to 6.5 SP6, update to version 6.5 SP6 or later. For EMC Documentum Administrator versions prior to 6.7 SP2 P07, update to version 6.7 SP2 P07 or later. For EMC Documentum Capital Projects versions prior to 1.8 P01, update to version 1.8 P01 or later.

**Name of the Vulnerable Software and Affected Versions** Dell iDRAC6 versions prior to 1.96 Dell iDRAC7 versions prior to 1.46.45 **Description** A cross-site scripting (XSS) issue exists in the login page of the Administrative Web Interface, allowing remote attackers to inject arbitrary web script or HTML via the `ErrorMsg` parameter. This could potentially lead to unauthorized actions on the affected device. **Recommendations** For Dell iDRAC6 versions prior to 1.96, update the firmware to version 1.96 or later. For Dell iDRAC7 versions prior to 1.46.45, update the firmware to version 1.46.45 or later.

**Name of the Vulnerable Software and Affected Versions** Corporater EPM Suite (affected versions not specified) **Description** A cross-site request forgery (CSRF) issue exists in the saveProperties.html file, allowing remote attackers to hijack the authentication of arbitrary users for requests that change passwords. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Corporater EPM Suite (affected versions not specified) **Description** The issue is related to a cross-site scripting (XSS) vulnerability, which allows remote attackers to inject arbitrary web script or HTML. This is achieved by manipulating the `customerId` parameter in an unspecified component. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.