Wietse Boonstra

Name of the Vulnerable Software and Affected Versions: Videx CyberAudit-Web versions prior to 1.1.3 Description: A Server-Side Request Forgery (SSRF) vulnerability was discovered in the videx-legacy-ssl web service of Videx’s CyberAudit-Web. This issue could lead to unauthorized access to the underlying infrastructure. Recommendations: For versions prior to 1.1.3, update to a version after 1.1.3 to patch the vulnerability. As a temporary workaround, consider restricting access to the videx-legacy-ssl web service to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Videx CyberAudit-Web versions prior to 9.5 Description: An authentication bypass issue was found, allowing an attacker to create a valid session without credentials by exploiting a logic flaw. Recommendations: For versions prior to 9.5, update to a version later than 9.5, as a patch has been made available for all instances, including those that are End of Maintenance (EOM). If support is required, contact support@videx.com for assistance.

**Name of the Vulnerable Software and Affected Versions** SO Planning online planning tool versions prior to 1.52.02 **Description** A Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool, allowing an attacker to upload executable files to a publicly accessible folder without verifying any requirements. This leads to the possibility of executing code on the underlying system when the file is triggered. **Recommendations** For versions prior to 1.52.02, update to version 1.52.02 to resolve the issue. As a temporary workaround, consider restricting access to the file upload feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SO Planning tool versions prior to 1.52.02 **Description** An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this issue to gain access to the underlying database by exporting it as a CSV file. **Recommendations** For versions prior to 1.52.02, update to version 1.52.02 to resolve the issue. As a temporary workaround, consider disabling the public view setting until the update is applied. Restrict access to the database export functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SO Planning tool versions prior to 1.52.02 **Description** A SQL Injection issue has been found in the SO Planning tool when the public view setting is enabled, allowing an attacker to gain access to the underlying database. **Recommendations** For versions prior to 1.52.02, update to version 1.52.02 to resolve the issue. As a temporary workaround, consider disabling the public view setting until the update is applied.

**Name of the Vulnerable Software and Affected Versions** SO Planning versions prior to 1.52.02 **Description** A Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, an attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system. **Recommendations** For versions prior to 1.52.02, update to version 1.52.02 to resolve the issue. As a temporary workaround, consider disabling the public view setting until the update is applied. Restrict access to the PHP-file upload feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Enphase IQ Gateway (formerly known as Enphase) versions 4.x through 7.x **Description** The issue is related to an Improper Neutralization of Special Elements used in a Command, also known as a Command Injection vulnerability. This vulnerability can be exploited via the `url` parameter of an authenticated endpoint, allowing OS Command Injection. **Recommendations** For versions 4.x through 7.x, update the system's security measures promptly to ensure the vulnerability is resolved. As a temporary workaround, consider restricting access to the authenticated endpoint until a patch is available. Avoid using the `url` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Enphase IQ Gateway (formerly known as Envoy) versions 4.x through 8.x and less than 8.2.4225 **Description** The issue is related to a Path Traversal vulnerability, which allows an unauthenticated attacker to access or create arbitrary files via a URL parameter. This vulnerability affects Enphase IQ Gateway, formerly known as Envoy, and can be exploited by attackers to compromise exposed systems. **Recommendations** For Enphase IQ Gateway versions 4.x through 8.x and less than 8.2.4225, upgrade to version 8.2.4225 or later to mitigate the threat. As a temporary workaround, consider restricting access to the vulnerable URL parameter until a patch is available. Avoid using the vulnerable URL parameter in the affected Enphase IQ Gateway until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Enphase IQ Gateway (formerly known as Envoy) versions 4.x through 8.x **Description** The issue is related to an improper neutralization of special elements used in a command, allowing OS command injection. This vulnerability is present in an internal script and poses a serious threat, as attackers can exploit a flaw in these scripts. **Recommendations** For Enphase IQ Gateway (formerly known as Envoy) versions 4.x through 8.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Enphase IQ Gateway (formerly known as Envoy) versions 4.x through 8.0 and less than 8.2.4225 **Description** The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a Path Traversal vulnerability. This vulnerability allows file manipulation through a URL parameter in the Enphase IQ Gateway. The endpoint requires authentication, meaning an attacker would need to have valid credentials to exploit this issue. **Recommendations** For versions 4.x through 8.0 and less than 8.2.4225, update to version 8.2.4225 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable URL parameter until a patch is available. Avoid using the vulnerable URL parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Enphase IQ Gateway (formerly known as Envoy) versions 4.x through 8.x and versions prior to 8.2.4225 **Description** The issue is related to an Improper Neutralization of Special Elements used in a Command, also known as 'Command Injection' vulnerability. This vulnerability can be exploited through an URL parameter of an authenticated endpoint, allowing OS Command Injection. **Recommendations** For Enphase IQ Gateway versions 4.x through 8.x and versions prior to 8.2.4225, update to version 8.2.4225 or later to resolve the issue. As a temporary workaround, consider restricting access to the authenticated endpoint until a patch is available. Avoid using the vulnerable URL parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Envoy versions 4.x through 5.x **Description** The issue is related to inadequate encryption strength, allowing an authenticated attacker to execute arbitrary OS commands via encrypted package upload. **Recommendations** For Envoy versions 4.x through 5.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions mentioned. **Description** An issue allows an administrator to execute commands as root via the alerts management dialog. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions mentioned **Description** The issue allows an authenticated administrator to craft an alert that can execute a Server-Side Request Forgery (SSRF) attack, but only with POST requests. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned. **Description** The issue allows an attacker to launch a Reflected XSS attack using a crafted URL. This type of attack occurs when an application takes user input and reflects it back to the user without proper validation or encoding, allowing an attacker to inject malicious code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned. **Description** The issue allows local users to execute scripts under root privileges. This means that users with local access can potentially run commands or scripts with elevated privileges, posing a significant security risk. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue allows an authenticated attacker to create alerts that trigger a stored XSS attack. This means an attacker with authentication credentials can create malicious alerts that, when triggered, execute malicious scripts stored on the victim's browser, potentially leading to unauthorized actions or data theft. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned. **Description** The issue allows an authenticated administrator to remotely execute arbitrary shell commands via the API. This could potentially lead to unauthorized access and control of the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ITarian platform (SAAS and on-premise) (affected versions not specified) **Description** A remote attacker can obtain sensitive information due to the failure to set the HTTP Only flag within the Service Desk module. This issue can be exploited in combination with a successful Cross-Site Scripting attack to gain access to the management interface. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ITarian Endpoint Manage Communication Client versions prior to 6.43.41148.21120 **Description** The issue is related to the ITarian Endpoint Manage Communication Client being compiled with insecure OpenSSL settings. This allows a malicious actor with low privileges access to a system to escalate their privileges to SYSTEM by abusing an insecure openssl.conf lookup. **Recommendations** For versions prior to 6.43.41148.21120, update to version 6.43.41148.21120 or later to resolve the issue. As a temporary workaround, consider restricting access to the openssl.conf file to minimize the risk of exploitation.