Zaid Shaikh

**Name of the Vulnerable Software and Affected Versions** Incorta version 2023.4.3 **Description** The issue concerns a csv injection vulnerability in the Edit Insight Service Name feature of Incorta. **Recommendations** For Incorta version 2023.4.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TCS BaNCS version 10 **Description** A vulnerability was found in TCS BaNCS, affecting an unknown part of the file /REPORTS/REPORTS SHOW FILE.jsp. The manipulation of the `FilePath` argument leads to file inclusion. The real existence of this vulnerability is still doubted at the moment. **Recommendations** For TCS BaNCS version 10, as a temporary workaround, consider restricting access to the `/REPORTS/REPORTS SHOW FILE.jsp` file until the issue is resolved. Avoid manipulating the `FilePath` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.