William Vu

Name of the Vulnerable Software and Affected Versions: Sage X3 System (affected versions not specified) Description: The issue allows an authenticated user with developer access to inject OS commands via the `CHAINE` variable used by the web application. It is noted that this developer configuration should not be deployed in production. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Ivanti MobileIron Core versions prior to 11.1.0.0 Description: The issue allows an attacker to escape the restricted clish shell by abusing the 'install rpm url' command. This was fixed in version 11.1.0.0. Recommendations: For versions prior to 11.1.0.0, update to version 11.1.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'install rpm url' command until the update can be applied.

Name of the Vulnerable Software and Affected Versions: Ivanti MobileIron Core versions prior to 11.1.0.0 Description: The issue allows an attacker to escape the restricted clish shell by abusing the 'install rpm info detail' command. This was fixed in version 11.1.0.0. Recommendations: For versions prior to 11.1.0.0, update to version 11.1.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'install rpm info detail' command until the update is applied.

Name of the Vulnerable Software and Affected Versions: Sage X3 versions prior to 9 with Syracuse 9.22.7.2 Sage X3 HR & Payroll versions prior to 9 with Syracuse 9.24.1.3 Sage X3 versions prior to 11 with Syracuse 11.25.2.6 Sage X3 versions prior to 12 with Syracuse 12.10.2.8 Description: A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. This issue can be combined with another vulnerability to achieve full remote code execution (RCE). Recommendations: For Sage X3 versions prior to 9 with Syracuse 9.22.7.2, update to AdxAdmin 93.2.53 or later. For Sage X3 HR & Payroll versions prior to 9 with Syracuse 9.24.1.3, update to AdxAdmin 93.2.53 or later. For Sage X3 versions prior to 11 with Syracuse 11.25.2.6, update to AdxAdmin 93.2.53 or later. For Sage X3 versions prior to 12 with Syracuse 12.10.2.8, update to AdxAdmin 93.2.53 or later.

**Name of the Vulnerable Software and Affected Versions** Advantech iView versions prior to 5.7.03.6112 **Description** The issue concerns missing authentication in the configuration access of the affected software, potentially allowing an unauthorized attacker to modify the configuration and achieve code execution. **Recommendations** For versions prior to 5.7.03.6112, update to version 5.7.03.6112 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Advantech iView versions prior to v5.7.03.6112 **Description** The issue allows an attacker to perform directory traversal, potentially enabling them to read sensitive files. **Recommendations** For Advantech iView versions prior to v5.7.03.6112, update to version v5.7.03.6112 or later to resolve the issue.