Itarian

• 1 Click RCE on all agents May 11
• XSS in SAAS ITarian helpdesk function May 11
• CVE-2022-25153 - ITarian Endpoint Manager agent local privilege escalation May 11
• CVE-2022-25152 - Creation of procedure and bypass approvals by any user with a valid session token (ITarian SaaS platform / on-premise) May 11
• CVE-2022-25151 - Session cookie not protected by HttpOnly flag (ITarian SaaS platform / on-premise) May 11