Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:3 a.m.7 views

CVE-2023-27168

An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file...

9.8CVSS7.8AI score0.01144EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:31 a.m.9 views

CVE-2023-27170

Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter...

7.5CVSS6.9AI score0.00787EPSS
Exploits1References1
NVD
NVD
added 2024/01/19 2:15 p.m.29 views

CVE-2023-27168

An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file...

9.8CVSS9.6AI score0.01144EPSS
Exploits1References4
Prion
Prion
added 2024/01/19 2:15 p.m.15 views

Privilege escalation

An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file...

7.5CVSS8AI score0.01144EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/01/19 12:0 a.m.53 views

CVE-2023-27168

CVE-2023-27168 affects Xpand IT Write-back Manager, version 2.3.1. The vulnerability is an arbitrary file upload that allows attackers to execute arbitrary code via a crafted JSP file. The connected PT-2024-12123 entry confirms the affected product/version and provides a practical workaround: res...

9.8CVSS9.4AI score0.01144EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2023/12/20 1:15 a.m.34 views

CVE-2023-27172

Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack...

9.1CVSS0.00669EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/12/20 12:0 a.m.6 views

CVE-2023-27172

Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack...

9.1AI score0.00669EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/12/20 12:0 a.m.37 views

CVE-2023-27172

Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack...

9.2AI score0.00669EPSS
Exploits1References1
CVE
CVE
added 2023/12/20 12:0 a.m.45 views

CVE-2023-27172

CVE-2023-27172 affects Xpand IT Write-back Manager v2.3.1. The issue is the use of weak (hardcoded/guessable) JWT signing keys, enabling brute-force recovery of the signing key and impersonation of users. The vulnerability enables potential unauthorized access with high impact on confidentiality ...

9.1CVSS8.9AI score0.00669EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/19 12:0 a.m.4 views

PT-2023-20989 · Xpand It · Xpand It Write-Back Manager

Name of the Vulnerable Software and Affected Versions: Xpand IT Write-back Manager version 2.3.1 Description: The issue is related to the use of weak secret keys to sign JWT tokens, allowing attackers to obtain the secret key via a bruteforce attack. Recommendations: For Xpand IT Write-back Manag...

9.1CVSS6.8AI score0.00669EPSS
Exploits1References6
Prion
Prion
added 2023/10/26 11:15 p.m.21 views

Directory traversal

Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter...

4.6CVSS7.5AI score0.00787EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/10/26 12:0 a.m.4 views

Xpand IT Write-back manager security vulnerability

Xpand IT Write-back manager is an extension for Xpand IT. that allows users to enter data directly from Tableau dashboards into the database. A security vulnerability exists in Xpand IT Write-back manager version v2.3.1, which stems from allowing an attacker to perform directory traversal via the...

7.5CVSS6.8AI score0.00787EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/09/12 12:0 a.m.16 views

CVE-2023-27169

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation...

6.9AI score0.00263EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/09/12 12:0 a.m.37 views

CVE-2023-27169

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation...

6.7AI score0.00263EPSS
Exploits0References4
Rows per page
Query Builder