Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.