A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications to access any cookies or sensitive information retained by the browser and used with that application. (CVE-2023-2509)

• The issue has been fixed on ADM 4.2.2.RI61.

EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. (CVE-2023-2909) 

• The issue has been fixed on ADM 4.2.2.RI61.

The Netatalk development team disclosed multiple fixed vulnerabilities affecting earlier versions of the software on the latest release of Netatalk 3.1.13: CVE-2022-43634 and CVE-2022-45188.

• Netatalk 3.1.13 patch has been updated on ADM 4.2.2.RI61 to resolve the issue.

Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. (CVE-2023-2749)

• The issue has been fixed on Download Center 1.1.5.r1298 for ADM 4.2.

The PHP Group announced multiple vulnerabilities that have been fixed in the latest release of PHP 8.1.

CVE-2023-0662, CVE-2022-31631, CVE-2022-31630, CVE-2022-37454, CVE-2022-31628, CVE-2022-31629 and CVE-2022-31627 will affect ASUSTOR products with PHP 8.1 installed on ADM 4.1 or ADM 4.2

• Updates with PHP 8.1.18 has been released on App Central for ADM 4.2.2.