Vipin Chaudhary

**Name of the Vulnerable Software and Affected Versions** HashiCorp Vault Community Edition versions prior to 2.0.0 HashiCorp Vault Enterprise versions prior to 1.19.16 HashiCorp Vault Enterprise versions 1.19.16 through 1.20.9 HashiCorp Vault Enterprise versions 1.20.10 through 1.21.4 HashiCorp Vault Enterprise versions prior to 1.21.5 HashiCorp Vault Enterprise versions prior to 2.0.0 **Description** The PKI engine ACME validation fails to reject local targets during the issuance of 'http-01' and 'tls-alpn-01' challenges. This flaw may result in requests being directed to targets within the local network, which could lead to information disclosure. **Recommendations** Update HashiCorp Vault Community Edition to version 2.0.0. Update HashiCorp Vault Enterprise to version 1.19.16, 1.20.10, 1.21.5, or 2.0.0.

**Name of the Vulnerable Software and Affected Versions** Cisco ACI Multi-Site Orchestrator (MSO) (affected versions not specified) **Description** The issue is related to improper authorization on specific APIs in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO). This allows an authenticated, remote attacker to elevate privileges on an affected device by sending crafted HTTP requests. A successful exploit could allow an attacker who is authenticated with non-Administrator privileges to elevate to Administrator privileges on an affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Avaya Equinox Management(iView) versions R9.1.9.0 and earlier **Description** A directory traversal issue has been discovered, potentially allowing an unauthenticated attacker to access files outside the restricted directory on the remote server. **Recommendations** For Avaya Equinox Management(iView) versions R9.1.9.0 and earlier, update to a version later than R9.1.9.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OpenText Documentum D2 Webtop version 4.6.0030 build 059 **Description** A Reflected Cross-Site Scripting issue could potentially be exploited by malicious users to compromise the affected system. The issue is related to the servlet/Download, ` docbase` or ` username` parameter. **Recommendations** For OpenText Documentum D2 Webtop version 4.6.0030 build 059, consider restricting access to the servlet/Download endpoint and avoid using the ` docbase` or ` username` parameter until a fix is available.

**Name of the Vulnerable Software and Affected Versions** OpenText Documentum D2 Webtop version 4.6.0030 build 059 **Description** A Stored Cross-Site Scripting issue could potentially be exploited by malicious users to compromise the affected system via a filename of an uploaded image file. **Recommendations** For OpenText Documentum D2 Webtop version 4.6.0030 build 059, consider restricting the upload of image files or validating filenames to prevent malicious input until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Wampserver versions prior to 3.1.3 **Description** The issue concerns a CSRF vulnerability in the add vhost.php file. **Recommendations** For versions prior to 3.1.3, update to version 3.1.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WampServer version 3.1.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `virtual del` parameter. This can lead to the execution of malicious scripts on the client-side. **Recommendations** For WampServer version 3.1.1, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.