Wolfgang Ettlinger

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 148.0.7778.168 **Description** Incorrect security UI in Fullscreen allows a remote attacker to perform UI spoofing via a crafted HTML page. **Recommendations** Update to version 148.0.7778.168 or later.

**Name of the Vulnerable Software and Affected Versions** IBM Spectrum Virtualize versions 8.3 through 8.5 **Description** The issue is related to the disclosure of SNMPv3 server credentials through log files. This could allow a remote attacker to gain unauthorized access to protected information. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For IBM Spectrum Virtualize versions 8.3 through 8.5, consider restricting access to log files to minimize the risk of exploitation. As a temporary workaround, limit the privileges of authenticated users who can access these log files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Spectrum Virtualize versions 8.2 through 8.5 **Description** The issue is related to insufficient protection of internal data in the graphical user interface of the software, which can be exploited by an authenticated user to execute arbitrary code and escalate their privileges on the system. **Recommendations** For IBM Spectrum Virtualize versions 8.2 through 8.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache MyFaces Core versions 2.2.0 through 2.2.13 Apache MyFaces Core versions 2.3.0 through 2.3.7 Apache MyFaces Core versions 2.3-next-M1 through 2.3-next-M4 Apache MyFaces Core version 3.0.0-RC1 **Description** The issue arises from the use of cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens in the default configuration. This weakness makes it possible, although difficult, for an attacker to calculate a future CSRF token value and use it to trick a user into executing unwanted actions on an application. **Recommendations** For Apache MyFaces Core versions 2.2.0 through 2.2.13, update the web.xml configuration parameters to use SecureRandom for CSRF token generation by setting `org.apache.myfaces.RANDOM KEY IN VIEW STATE SESSION TOKEN`, `org.apache.myfaces.RANDOM KEY IN CSRF SESSION TOKEN`, and `org.apache.myfaces.RANDOM KEY IN WEBSOCKET SESSION TOKEN` to `secureRandom`. For Apache MyFaces Core versions 2.3.0 through 2.3.7, update the web.xml configuration parameters to use SecureRandom for CSRF token generation by setting `org.apache.myfaces.RANDOM KEY IN VIEW STATE SESSION TOKEN`, `org.apache.myfaces.RANDOM KEY IN CSRF SESSION TOKEN`, and `org.apache.myfaces.RANDOM KEY IN WEBSOCKET SESSION TOKEN` to `secureRandom`. For Apache MyFaces Core versions 2.3-next-M1 through 2.3-next-M4, update the web.xml configuration parameters to use SecureRandom for CSRF token generation by setting `org.apache.myfaces.RANDOM KEY IN VIEW STATE SESSION TOKEN`, `org.apache.myfaces.RANDOM KEY IN CSRF SESSION TOKEN`, and `org.apache.myfaces.RANDOM KEY IN WEBSOCKET SESSION TOKEN` to `secureRandom`. For Apache MyFaces Core version 3.0.0-RC1, update the web.xml configuration parameters to use SecureRandom for CSRF token generation by setting `org.apache.myfaces.RANDOM KEY IN VIEW STATE SESSION TOKEN`, `org.apache.myfaces.RANDOM KEY IN CSRF SESSION TOKEN`, and `org.apache.myfaces.RANDOM KEY IN WEBSOCKET SESSION TOKEN` to `secureRandom`.

**Name of the Vulnerable Software and Affected Versions** Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 **Description** A cross-site scripting (XSS) issue could allow an attacker to tamper with the web interface of the product. This affects the product's ability to maintain a secure user interface. **Recommendations** For Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2, consider disabling access to the web interface until a patch is available to prevent potential tampering by an attacker. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 **Description** A CSRF protection bypass issue could allow an attacker to trick a victim's browser into sending a specifically encoded request without a valid token. **Recommendations** For version 6.5 SP2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 **Description** A vulnerability could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths. **Recommendations** For Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2, consider restricting access to anonymous users until a patch is available. As a temporary workaround, limit the manipulation of request paths to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 **Description** A vulnerability could allow an attacker to send requests that appear to come from the localhost, potentially exposing the product's admin interface to users who would not normally have access. **Recommendations** For Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2, consider restricting access to the admin interface as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Trend Micro InterScan Web Security Virtual Appliance (affected versions not specified) **Description** The issue concerns a vulnerability in the Trend Micro InterScan Web Security Virtual Appliance. No specific details about the nature of the vulnerability, affected devices, or real-world incidents are provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 **Description** A command injection issue could allow an unauthenticated attacker to execute certain commands by providing a manipulated password, when the improved password hashing method is enabled. **Recommendations** For Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2, consider disabling the improved password hashing method until a patch is available. Restrict access to the appliance to minimize the risk of exploitation. Avoid using manipulated passwords in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenPGP.js versions prior to 4.3.0 **Description** A cryptographic issue allows an attacker to conduct an invalid curve attack, potentially gaining the victim's ECDH private key. This occurs when the attacker can provide forged messages and receive feedback about whether decryption succeeded. The issue stems from the implementation of ECDH, which fails to verify the validity of the communication partner's public key, allowing attackers to exfiltrate the victim's private key by choosing an altered curve. An attack requires the ability to initiate message decryption and record the result, and the victim's key must offer an ECDH public key. **Recommendations** Upgrade to version 4.3.0 or later. If you are upgrading from a version <4.0.0, it is highly recommended to read the `High-Level API Changes` section of the `openpgp` 4.0.0 release.

**Name of the Vulnerable Software and Affected Versions** openpgp versions prior to 4.2.0 **Description** The issue is related to improper verification of cryptographic signatures in OpenPGP.js, allowing an attacker to pass off unsigned data as signed. Specifically, the OpenPGP standard allows signature packets to have subpackets which may be hashed or unhashed, but unhashed subpackets are not cryptographically protected and cannot be trusted. The `openpgp` package does not verify whether a subpacket is hashed, and due to the order of parsing a signature packet, information from unhashed subpackets overwrites information from hashed subpackets. This may allow an attacker to modify the contents of a key certification signature or revocation signature, potentially convincing a victim to use an obsolete key for encryption. An attack requires a victim to import a manipulated key or update an existing key with a manipulated version. **Recommendations** Upgrade to version 4.2.0 or later. If you are upgrading from a version <4.0.0, it is highly recommended to read the `High-Level API Changes` section of the `openpgp` 4.0.0 release to ensure a smooth transition.

**Name of the Vulnerable Software and Affected Versions** openpgp versions prior to 4.2.0 **Description** The issue allows an attacker to forge signed messages by replacing their signatures with a "standalone" or "timestamp" signature. This is due to the improper verification of a cryptographic signature in OpenPGP.js. An attacker can construct a message with a signature type that only verifies subpackets without additional input, such as `standalone` or `timestamp`, allowing them to create arbitrary signed messages that would be verified correctly. **Recommendations** Upgrade to version 4.2.0 or later. If you are upgrading from a version <4.0.0, read the `High-Level API Changes` section of the `openpgp` 4.0.0 release to ensure a smooth transition.

**Name of the Vulnerable Software and Affected Versions** Oracle Access Manager versions 11.1.2.3.0 and 12.2.1.3.0 **Description** The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager, potentially leading to a takeover. This can significantly impact additional products. **Recommendations** For version 11.1.2.3.0, refer to My Oracle Support Note 2386496.1 for instructions on how to address this issue. For version 12.2.1.3.0, refer to My Oracle Support Note 2386496.1 for instructions on how to address this issue.

**Name of the Vulnerable Software and Affected Versions** OSCI Transport Library versions 1.6 through 1.6.1 **Description** The issue allows an attacker with access to unencrypted OSCI protocol messages to send crafted protocol messages with duplicate IDs, potentially exploiting the Signature Wrapping vulnerability in OSCI-Transport 1.2 as used in the OSCI Transport Library. **Recommendations** For OSCI Transport Library versions 1.6 through 1.6.1, consider implementing encryption for OSCI protocol messages to prevent unauthorized access and mitigate the risk of exploitation. As a temporary workaround, restrict access to unencrypted OSCI protocol messages until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OSCI Transport Library versions 1.6, 1.6.1 **Description** An XML External Entity (XXE) issue exists, which can be exploited by sending a crafted standard-conforming OSCI message from within the infrastructure. **Recommendations** For OSCI Transport Library version 1.6, consider disabling the XML parsing functionality until a patch is available. For OSCI Transport Library version 1.6.1, consider disabling the XML parsing functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OSCI Transport Library versions 1.6, 1.6.1 **Description** A Padding Oracle issue exists, allowing an attacker to decrypt transport encryption under a man-in-the-middle (MITM) condition within the OSCI infrastructure. The attacker must send crafted protocol messages to analyze the CBC mode padding. **Recommendations** For OSCI Transport Library version 1.6, update to a version that fixes the Padding Oracle issue. For OSCI Transport Library version 1.6.1, update to a version that fixes the Padding Oracle issue. As a temporary workaround, consider restricting access to the OSCI infrastructure to minimize the risk of exploitation.