Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:3 a.m.7 views

CVE-2023-27168

An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file...

9.8CVSS7.8AI score0.01144EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:31 a.m.9 views

CVE-2023-27170

Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter...

7.5CVSS6.9AI score0.00787EPSS
Exploits1References1
NVD
NVD
added 2024/01/19 2:15 p.m.29 views

CVE-2023-27168

An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file...

9.8CVSS9.6AI score0.01144EPSS
Exploits1References4
Prion
Prion
added 2024/01/19 2:15 p.m.15 views

Privilege escalation

An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file...

7.5CVSS8AI score0.01144EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/01/19 12:0 a.m.53 views

CVE-2023-27168

CVE-2023-27168 affects Xpand IT Write-back Manager, version 2.3.1. The vulnerability is an arbitrary file upload that allows attackers to execute arbitrary code via a crafted JSP file. The connected PT-2024-12123 entry confirms the affected product/version and provides a practical workaround: res...

9.8CVSS9.4AI score0.01144EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2023/12/20 1:15 a.m.34 views

CVE-2023-27172

Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack...

9.1CVSS0.00669EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/12/20 12:0 a.m.6 views

CVE-2023-27172

Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack...

9.1AI score0.00669EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/12/20 12:0 a.m.37 views

CVE-2023-27172

Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack...

9.2AI score0.00669EPSS
Exploits1References1
CVE
CVE
added 2023/12/20 12:0 a.m.44 views

CVE-2023-27172

CVE-2023-27172 affects Xpand IT Write-back Manager v2.3.1. The issue is the use of weak (hardcoded/guessable) JWT signing keys, enabling brute-force recovery of the signing key and impersonation of users. The vulnerability enables potential unauthorized access with high impact on confidentiality ...

9.1CVSS8.9AI score0.00669EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/10/26 11:15 p.m.21 views

Directory traversal

Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter...

4.6CVSS7.5AI score0.00787EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/09/12 12:0 a.m.37 views

CVE-2023-27169

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation...

6.7AI score0.00263EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/09/12 12:0 a.m.16 views

CVE-2023-27169

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation...

6.9AI score0.00263EPSS
Exploits0References4
Rows per page
Query Builder