Victor Gevers

**Name of the Vulnerable Software and Affected Versions** No specific software or versions mentioned **Description** The issue allows an authenticated administrator to craft an alert that can execute a Server-Side Request Forgery (SSRF) attack, but only with POST requests. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions mentioned. **Description** An issue allows an administrator to execute commands as root via the alerts management dialog. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue allows an authenticated attacker to create alerts that trigger a stored XSS attack. This means an attacker with authentication credentials can create malicious alerts that, when triggered, execute malicious scripts stored on the victim's browser, potentially leading to unauthorized actions or data theft. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned. **Description** The issue allows local users to execute scripts under root privileges. This means that users with local access can potentially run commands or scripts with elevated privileges, posing a significant security risk. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned. **Description** The issue allows an authenticated administrator to remotely execute arbitrary shell commands via the API. This could potentially lead to unauthorized access and control of the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned. **Description** The issue allows an attacker to launch a Reflected XSS attack using a crafted URL. This type of attack occurs when an application takes user input and reflects it back to the user without proper validation or encoding, allowing an attacker to inject malicious code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ITarian platform (SAAS and on-premise) (affected versions not specified) **Description** A remote attacker can obtain sensitive information due to the failure to set the HTTP Only flag within the Service Desk module. This issue can be exploited in combination with a successful Cross-Site Scripting attack to gain access to the management interface. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ITarian platform versions prior to 6.35.37347.20040 **Description** The ITarian platform has a vulnerability in its approval process for procedures, which allows a malicious actor with a valid session token to create a procedure, bypass approval, and execute it. This results in the ability to perform arbitrary code execution and full system take-over on all agents. **Recommendations** For versions prior to 6.35.37347.20040, update to version 6.35.37347.20040 or later to resolve the issue. As a temporary workaround, consider restricting access to the procedure function to minimize the risk of exploitation. Additionally, restrict the use of valid session tokens to only necessary users to reduce the attack surface.

**Name of the Vulnerable Software and Affected Versions** ITarian Endpoint Manage Communication Client versions prior to 6.43.41148.21120 **Description** The issue is related to the ITarian Endpoint Manage Communication Client being compiled with insecure OpenSSL settings. This allows a malicious actor with low privileges access to a system to escalate their privileges to SYSTEM by abusing an insecure openssl.conf lookup. **Recommendations** For versions prior to 6.43.41148.21120, update to version 6.43.41148.21120 or later to resolve the issue. As a temporary workaround, consider restricting access to the openssl.conf file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SmarterTools SmarterTrack version 100.0.8019.14010 **Description** The issue is a Cross-site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized access or control of user sessions. **Recommendations** For SmarterTools SmarterTrack version 100.0.8019.14010, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SmarterTrack version 100.0.8019.14010 **Description** The application can be tricked into overwriting files in the app data/Config folder, such as the systemsettings.xml file, with administrator or admin privileges. **Recommendations** For SmarterTrack version 100.0.8019.14010, consider restricting access to the app data/Config folder to prevent unauthorized file overwrites until a patch is available. As a temporary workaround, limit administrator privileges to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SmarterTools SmarterTrack version 100.0.8019.14010 **Description** The issue is a Stored XSS in SmarterTools SmarterTrack. **Recommendations** For SmarterTools SmarterTrack version 100.0.8019.14010, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SmarterTools SmarterTrack version 100.0.8019.14010 **Description** A Direct Object Access issue in SmarterTools SmarterTrack leads to information disclosure. **Recommendations** For SmarterTools SmarterTrack version 100.0.8019.14010, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Kaseya Unitrends Backup Software versions prior to 10.5.5-2 **Description** An issue was discovered in the server software, allowing a privilege escalation from a read-only user to an admin. **Recommendations** For versions prior to 10.5.5-2, update to version 10.5.5-2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Kaseya Unitrends Backup Software versions prior to 10.5.5-2 **Description** An issue was discovered in the server software, allowing authenticated remote code execution. **Recommendations** For versions prior to 10.5.5-2, update to version 10.5.5-2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Kaseya VSA versions prior to 9.5.6 **Description** The issue concerns an XML External Entity (XXE) vulnerability. It allows an attacker to submit malicious XML to the system via the API endpoint "/vsaWS/KaseyaWS.asmx". When this XML is processed, external entities are insecurely resolved and fetched by the system, potentially returning sensitive information to the attacker. This can be exploited to read any file on the server that the web server process can access. Additionally, it can be used to perform HTTP(s) requests within the local network, allowing an attacker to use the Kaseya system to pivot into the local network. **Recommendations** For versions prior to 9.5.6, update to version 9.5.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/vsaWS/KaseyaWS.asmx" API endpoint until a patch is applied. Avoid using the `XmlRequest` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Kaseya VSA versions prior to 9.5.6 **Description** The issue allows for semi-authenticated local file inclusion, where the contents of arbitrary files can be returned by the web server. A valid session ID is required but can be easily obtained. This can be exploited through a crafted request, such as visiting a specific URL with a manipulated `path` parameter, for example, `https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:KaseyaWebPagesdl.asp`. **Recommendations** For versions prior to 9.5.6, update to version 9.5.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the `js.aspx` endpoint until a patch is applied. Avoid using the `path` parameter in the affected API endpoint until the issue is resolved.