Chris McCurley
Directory Traversal, SQL Injection and Server-Side Request Forgery
Chris McCurley
CVE(s): CVE-2023-47300, CVE-2023-47301, CVE-2023-47302, CVE-2023-47303
Vendor: Sage
Product: SageCRM
Version(s) affected: Version 2023 R2 and earlier are affected by these vulnerabilities
Fixed version: 2021 R2.5, 2022 R2.4, 2022 R2.5, 2023 R2.2, 2023 R2.3, and 2024 R1
Given the length of time since these vulnerabilities were first disclosed, I would first like to thank the vendor for their patience during this process and transparency during the remedial phase. It has been a pleasure.
Authenticated Arbitrary File Download (Path Traversal)
Chris McCurley
CVE(s): CVE-2023-31046
Vendor: PaperCut
Product: PaperCut MF/NG
Version(s) affected: < 22.1.1
Fixed version: 22.1.1
Background
An Authenticated Arbitrary File Download vulnerability was found in PaperCut NG/MF. PaperCut is a popular Print Management product that's used globally by over 80,000 organisations. Its application server component is written in Java. The majority of customers run their servers behind firewalls; however, a number of larger customers like universities may have it hosted on more open servers. As part of my research I found this vulnerability and I worked with PaperCut Software to report, advise and validate a fix. The latest release of PaperCut NG/MF, which can be found at http://www.papercut.com/, has the vulnerability addressed, and upgrading is the recommended mitigation.
Authenticated Arbitrary File Upload via Sitecore Package Manager (CVE-2017-5965)
Chris McCurley
CVE(s): CVE-2017-5965, CVE-2017-5966
Vendor: Sitecore
Product: Sitecore
Version(s) affected: 8.1 Rev 151207
Fixed version: None
Authenticated Arbitrary File Upload via Sitecore Package Manager (CVE-2017-5965)
This vulnerability was subject to a 90-day disclosure timeframe after disclosure to vendor in February 2017.
SageCRM - SQL Injection, Arbitrary File Upload
Chris McCurley
CVE(s): CVE-2017-5219, CVE-2017-5218
Vendor: Sage
Product: SageCRM
Version(s) affected: 7.0.e and later
Fixed version: 7.3 SP3
Release notes for the version containing appropriate fixes are located at SageCRM's community site.
Authenticated Arbitrary File Upload via SageCRM Component Manager (CVE-2017-5219)
The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance application functionality. This functionality allows any zip file to be uploaded and extracted to the inf directory outside of the webroot, so long as it contains a .ecf component file. As no validation is performed on this .ecf file, an empty file is sufficient. Hence, by creating a zip file containing an empty .ecf file, it is possible to have any other file provided in the zip file extracted onto the target filesystem.