4 matches found
CVE-2023-5964
The CVE-2023-5964 issue affects the 1E Exchange End-User Interaction product pack, specifically the 1E-Exchange-DisplayMessage instruction. The vulnerability arises from improper validation of Caption and Message parameters, enabling arbitrary code execution with SYSTEM privileges on Windows clie...
CVE-2023-45163
CVE-2023-45163 concerns the 1E-Exchange-CommandLinePing instruction in the 1E Exchange Network product pack. Versions prior to v18.1 fail input validation, enabling specially crafted input to perform arbitrary code execution with SYSTEM privileges on Windows clients. Mitigation: update the instru...
CVE-2023-45161
The CVE-2023-45161 entry concerns the 1E-Exchange-URLResponseTime instruction in the 1E Exchange Network product pack. The vulnerability arises from improper validation of the URL parameter in the 1E-Exchange-URLResponseTime instruction, enabling arbitrary code execution with SYSTEM privileges on...
CVE-2025-1683
CVE-2025-1683 affects the Nomad module of the 1E Client. The vulnerability arises from improper link resolution before file access, allowing a local unprivileged attacker on Windows to delete arbitrary files via symbolic links. Affected scope: 1E Client versions prior to 25.3. Impact is described...