Y. Kahveci

#19021 of 53,638
14.1 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2025-40516
5.1
2025-10-03
Zabbix · Zabbix · CVE-2025-49641
**Name of the Vulnerable Software and Affected Versions**

Zabbix (affected versions not specified)

**Description**

A standard Zabbix user lacking the necessary permissions for the Monitoring -> Problems view can still execute the `problem.view.refresh` action, allowing them to retrieve a list of active problems. This bypasses intended access controls. The affected action is `problem.view.refresh`.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-22143
9.0
2025-05-20
Typo3 · Typo3 · CVE-2025-47941
**Name of the Vulnerable Software and Affected Versions**

TYPO3 versions 12.x prior to 12.4.31 LTS
TYPO3 versions 13.x prior to 13.4.2 LTS

**Description**

The issue concerns the multifactor authentication (MFA) dialog presented during backend login, which can be bypassed due to insufficient enforcement of access restrictions on all backend routes. Successful exploitation requires valid backend user credentials, as MFA can only be bypassed after successful authentication.

**Recommendations**

For versions 12.x prior to 12.4.31 LTS, update to TYPO3 version 12.4.31 LTS to fix the problem.
For versions 13.x prior to 13.4.2 LTS, update to TYPO3 version 13.4.2 LTS to fix the problem.