Y4Er

**Name of the Vulnerable Software and Affected Versions** VMware Aria Operations (affected versions not specified) **Description** The issue is related to a deserialization vulnerability in VMware Aria Operations. A malicious actor with administrative privileges can exploit this vulnerability to execute arbitrary commands and disrupt the system. This can be done remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Aria Operations (affected versions not specified) **Description** The issue is related to insufficient access control in VMware Aria Operations, allowing a remote attacker to execute arbitrary code and escalate privileges. An authenticated malicious user with ReadOnly privileges can perform code execution, leading to privilege escalation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Aria Operations for Logs (affected versions not specified) **Description** The issue is related to a command injection vulnerability in VMware Aria Operations for Logs. A malicious actor with administrative privileges can execute arbitrary commands as root. This can be achieved by exploiting the lack of proper neutralization of special elements used in the OS command. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BMC Track-It! version 20.21.02.109 **Description** This issue allows remote attackers to disclose sensitive information on affected installations. Authentication is required to exploit this issue. The specific flaw exists within the "GetPopupSubQueryDetails" endpoint. The issue results from the lack of proper validation of a `user-supplied string` before using it to construct SQL queries. An attacker can leverage this issue to disclose stored credentials, leading to further compromise. **Recommendations** For version 20.21.02.109, as a temporary workaround, consider restricting access to the "GetPopupSubQueryDetails" endpoint until a patch is available. Additionally, ensure proper validation of `user-supplied strings` to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** zzzphp version 1.7.2 **Description** The issue is related to an eval injection vulnerability in the `parserCommom` method within the `ParserTemplate` class in `zzz template.php`. This vulnerability allows remote attackers to execute arbitrary commands. **Recommendations** For zzzphp version 1.7.2, consider disabling the `parserCommom` method in the `ParserTemplate` class until a patch is available. Restrict access to the `zzz template.php` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.