This security bulletin contains information about 2 vulnerabilities. The vulnerability allows a remote attacker to compromise vulnerable system. One of the endpoints in the REST API interface is located at /api/2.0/rest/aggregator/xml which loads xml data from POST data. A remote attacker can be exploited by a remote non-authenticated attacker via the Internet. The weakness exists due to most of the API endpoints and the web interface were accessible without authentication. Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.”]