6 matches found
CVE-2023-5964
The CVE-2023-5964 issue affects the 1E Exchange End-User Interaction product pack, specifically the 1E-Exchange-DisplayMessage instruction. The vulnerability arises from improper validation of Caption and Message parameters, enabling arbitrary code execution with SYSTEM privileges on Windows clie...
CVE-2023-45163
CVE-2023-45163 concerns the 1E-Exchange-CommandLinePing instruction in the 1E Exchange Network product pack. Versions prior to v18.1 do not validate input properly, allowing specially crafted input to achieve arbitrary code execution with SYSTEM privileges on Windows clients. Mitigation: update the instru...
CVE-2023-45161
CVE-2023-45161 concerns the 1E-Exchange-URLResponseTime instruction in the 1E Exchange Network product pack. The vulnerability arises from improper validation of the instruction's URL parameter, enabling arbitrary code execution with SYSTEM privileges on...
CVE-2023-45162
CVE-2023-45162 affects 1E Platform versions 8.1.2–9.0.1 (SaaS on 23.7.1+ auto-patches). The vulnerability is a Blind SQL Injection that can lead to arbitrary code execution. The root cause is a failure to properly neutralize SQL constructs in the affected paths, per multiple sources. Impact is rated ...
CVE-2025-1683
CVE-2025-1683 affects the Nomad module of the 1E Client. The vulnerability arises from improper link resolution before file access, allowing a local unprivileged attacker on Windows to delete arbitrary files via symbolic links. Affected scope: 1E Client versions prior to 25.3. Impact is described...
CVE-2024-7211
CVE-2024-7211 affects the 1E Platform through a component that uses the third‑party Duende Identity Server, which contains an open redirect vulnerability that could let an attacker control the redirection path to untrusted sites. The vulnerability stems from the Duende Identity Server integration...