14 matches found
CVE-2023-27168
An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file...
CVE-2023-27170
Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter...
CVE-2023-27168
An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file...
Privilege escalation
An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file...
CVE-2023-27168
CVE-2023-27168 affects Xpand IT Write-back Manager, version 2.3.1. The vulnerability is an arbitrary file upload that allows attackers to execute arbitrary code via a crafted JSP file. The connected PT-2024-12123 entry confirms the affected product/version and provides a practical workaround: res...
CVE-2023-27172
Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack...
CVE-2023-27172
Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack...
CVE-2023-27172
Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack...
CVE-2023-27172
CVE-2023-27172 affects Xpand IT Write-back Manager v2.3.1. The issue is the use of weak (hardcoded/guessable) JWT signing keys, enabling brute-force recovery of the signing key and impersonation of users. The vulnerability enables potential unauthorized access with high impact on confidentiality ...
PT-2023-20989 · Xpand It · Xpand It Write-Back Manager
Name of the Vulnerable Software and Affected Versions: Xpand IT Write-back Manager version 2.3.1 Description: The issue is related to the use of weak secret keys to sign JWT tokens, allowing attackers to obtain the secret key via a bruteforce attack. Recommendations: For Xpand IT Write-back Manag...
Directory traversal
Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter...
Xpand IT Write-back manager security vulnerability
Xpand IT Write-back manager is an extension for Xpand IT. that allows users to enter data directly from Tableau dashboards into the database. A security vulnerability exists in Xpand IT Write-back manager version v2.3.1, which stems from allowing an attacker to perform directory traversal via the...
CVE-2023-27169
Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation...
CVE-2023-27169
Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation...