William Summerhill

**Name of the Vulnerable Software and Affected Versions** Global RADAR BSA Radar versions 1.6.7234.24750 and earlier **Description** The issue concerns stored cross-site scripting (XSS) via the Update User Profile feature. Specifically, the `Firstname` and `Lastname` parameters are vulnerable. **Recommendations** For Global RADAR BSA Radar versions 1.6.7234.24750 and earlier, consider restricting the use of the `Firstname` and `Lastname` parameters in the Update User Profile feature until a fix is available. Avoid using these parameters to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Global RADAR BSA Radar versions 1.6.7234.24750 and earlier **Description** The issue lacks valid authorization controls in multiple functions, which can allow for manipulation and takeover of user accounts if successfully exploited. The vulnerable functions exposed are: ChangePassword, SaveUserProfile, and GetUser. **Recommendations** For Global RADAR BSA Radar versions 1.6.7234.24750 and earlier, consider disabling the ChangePassword, SaveUserProfile, and GetUser functions until a patch is available to prevent potential exploitation. Restrict access to these functions to minimize the risk of account manipulation and takeover.

**Name of the Vulnerable Software and Affected Versions** Global RADAR BSA Radar versions 1.6.7234.24750 and earlier **Description** A privilege escalation issue exists that allows an authenticated, low-privileged user to escalate their privileges to administrator rights, specifically the BankAdmin role, by modifying SaveUser data. **Recommendations** For Global RADAR BSA Radar versions 1.6.7234.24750 and earlier, update to a version that contains a fix for this issue to prevent privilege escalation.

**Name of the Vulnerable Software and Affected Versions** Global RADAR BSA Radar versions 1.6.7234.24750 and earlier **Description** The issue allows users to view local files on the web server by manipulating the `FileName` and `FilePath` parameters in the URL, or while using a proxy, potentially exposing sensitive files or configuration files. This is possible through the `downloadFile.ashx` in the Administrator section of the Surveillance module. **Recommendations** For Global RADAR BSA Radar versions 1.6.7234.24750 and earlier, as a temporary workaround, consider restricting access to the `downloadFile.ashx` file in the Administrator section of the Surveillance module to minimize the risk of exploitation. Avoid using the `FileName` and `FilePath` parameters in the affected URL until the issue is resolved.