Vlad Bakin

**Name of the Vulnerable Software and Affected Versions** AMI MegaRAC (affected versions not specified) **Description** The issue is related to insufficient password hash computation in the Redfish and API components of the AMI MegaRAC firmware. This could allow a remote attacker to gain unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AMI Megarac (affected versions not specified) **Description** The issue is related to the interception of password reset requests via API. There is also a mention of a vulnerability in the OpenSSL library used by the TYCHON network endpoint management tools, which is related to incorrect restriction of access to a directory with limited access. Exploitation of this vulnerability may allow an attacker to execute arbitrary code with SYSTEM privileges using a specially crafted file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.