CVE-2024-3995 – Command Injection in Helix ALM
https://notcve.org/view.php?id=CVE-2024-3995
In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins.
• https://portal.perforce.com/s/detail/a91PA000001SU5pYAG
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2021-28973
https://notcve.org/view.php?id=CVE-2021-28973
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.
• https://www.compass-security.com/fileadmin/Research/Advisories/2021-01_CSNC-2021-005_Helix_ALM_XXE.txt
• CWE-611: Improper Restriction of XML External Entity Reference