15 matches found
EUVD-2024-48178
Malicious code in bioql PyPI...
CVE-2024-7211
The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated wit...
CVE-2024-7211 The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.
The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated wit...
CVE-2024-7211 The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.
The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated wit...
CVE-2024-7211
CVE-2024-7211 affects the 1E Platform through a component that uses the third‑party Duende Identity Server, which contains an open redirect vulnerability that could let an attacker control the redirection path to untrusted sites. The vulnerability stems from the Duende Identity Server integration...
PT-2024-38171 · 1E +1 · 1E Platform +1
Name of the Vulnerable Software and Affected Versions: 1E Platform (affected versions not specified); Duende Identity Server (affected versions not specified). Description: The issue concerns an open redirect vulnerability in the Duende Identity Server, a third-party component used by the 1E Platform...
CVE-2023-45163 1E-Exchange-CommandLinePing instruction before v18.1 allows for arbitrary code execution
The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on...
CVE-2023-45163 1E-Exchange-CommandLinePing instruction before v18.1 allows for arbitrary code execution
The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on...
CVE-2023-45161 1E-Exchange-URLResponseTime instruction before v20.1 allows arbitrary code execution
The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on...
CVE-2023-45162
Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue: for v8.1.2 apply hotfix Q23166; for v8.4.1 apply hotfix Q23164; for v9.0.1 apply hotfix Q23169. SaaS implementations on v23.7.1...
SQL injection
Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue: for v8.1.2 apply hotfix Q23166; for v8.4.1 apply hotfix Q23164; for v9.0.1 apply hotfix Q23169. SaaS implementations on v23.7.1...
CVE-2023-45162
CVE-2023-45162 affects 1E Platform versions 8.1.2–9.0.1 (SaaS on 23.7.1+ auto-patches). The vulnerability is a Blind SQL Injection that can lead to arbitrary code execution. Root cause is the inability to properly neutralize SQL constructs in affected paths, per multiple sources. Impact is rated ...
CVE-2023-45162 Blind SQL vulnerability in 1E platform
Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue: for v8.1.2 apply hotfix Q23166; for v8.4.1 apply hotfix Q23164; for v9.0.1 apply hotfix Q23169. SaaS implementations on v23.7.1...
CVE-2023-45162 Blind SQL vulnerability in 1E platform
Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue: for v8.1.2 apply hotfix Q23166; for v8.4.1 apply hotfix Q23164; for v9.0.1 apply hotfix Q23169. SaaS implementations on v23.7.1...
PT-2023-29444 · 1E · 1E Platform Saas +1
Name of the Vulnerable Software and Affected Versions: 1E Platform versions 8.1.2 through 9.0.1; 1E Platform SaaS versions prior to 23.7.1. Description: The issue is a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this...