Undr

**Name of the Vulnerable Software and Affected Versions** Identity Manager (affected versions not specified) **Description** An unauthenticated user can access specific page URLs of Identity Manager's management console. However, the system does not allow the user to carry out server-side tasks without a valid web session. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Symantec Identity Manager version 14.4 **Description** An authenticated administrator with physical access to the environment can execute remote commands on the Management Console. This issue affects the Management Console component. **Recommendations** For Symantec Identity Manager version 14.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Symantec Identity Manager version 14.4 **Description** An authenticated user can perform XML eXternal Entity injection in the Management Console. This issue allows for potential data exposure or other malicious activities. **Recommendations** For Symantec Identity Manager version 14.4, update to a version that includes a fix for this issue, as no specific workaround is provided in the available information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Spectrum Protect Servers versions 7.1 through 8.1 IBM Spectrum Protect Storage Agents versions 7.1 through 8.1 **Description** A local attacker could gain elevated privileges on the system by loading a specially crafted library loaded by the dsmqsan module. This could allow the attacker to gain root privileges on the vulnerable system. **Recommendations** For IBM Spectrum Protect Servers versions 7.1 through 8.1, consider restricting access to the dsmqsan module until a patch is available. For IBM Spectrum Protect Storage Agents versions 7.1 through 8.1, consider restricting access to the dsmqsan module until a patch is available.