Lucene search
+L
AxxonsoftAxxon One

8 matches found

CVE
CVE
added 2025/09/10 12:38 p.m.26 views

CVE-2025-10226

CVE-2025-10226 affects AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier due to a dependency on vulnerable PostgreSQL back-end (v10.x). The root cause is reported as dependencies on vulnerable third-party components in PostgreSQL, enabling a remote attacker to escalate privileges, execute arbitrary ...

9.8CVSS7.2AI score0.00566EPSS
CVE
CVE
added 2025/09/10 12:28 p.m.23 views

CVE-2025-10220

CVE-2025-10220 affects AxxonSoft Axxon One VMS 2.0.0–2.0.4 on Windows due to use of unmaintained third‑party NuGet components (e.g., Google.Protobuf, DynamicData, System.Runtime.CompilerServices.Unsafe). The underlying issue is reliance on unmaintained third‑party packages, enabling remote code e...

9.8CVSS7.4AI score0.00686EPSS
CVE
CVE
added 2025/09/10 12:36 p.m.20 views

CVE-2025-10224

The CVE-2025-10224 entry concerns AxxonSoft Axxon One (C-Werk) prior to or equal to 2.0.2 on Windows, where the LDAP authentication engine improperly evaluates nested LDAP group memberships. This allows a remote authenticated user to be denied access or receive misassigned roles during login. The...

7.1CVSS6.5AI score0.00304EPSS
CVE
CVE
added 2025/09/10 12:34 p.m.19 views

CVE-2025-10222

The CVE-2025-10222 affects AxxonSoft Axxon One VMS (C-Werk) versions 2.0.0–2.0.1 on Windows, via the diagnostic dump component. The root cause is exposure of licensing-related information (timestamps, license states, registry values) through diagnostic export files generated by the built-in troub...

4.8CVSS5.9AI score0.00113EPSS
CVE
CVE
added 2025/09/10 12:37 p.m.19 views

CVE-2025-10225

CVE-2025-10225 affects AxxonSoft Axxon One (C-Werk) 2.0.6 and earlier on Windows, in the OpenSSL-based session module. The issue is an improper restriction of operations within a memory buffer (CWE-119) that can trigger memory reallocation errors when handling expired session keys under high load...

8.7CVSS6.5AI score0.00372EPSS
CVE
CVE
added 2025/09/10 12:31 p.m.17 views

CVE-2025-10221

CVE-2025-10221 concerns the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on Windows. The root cause is insertion of sensitive information into TRACE log files, allowing a local attacker to read serialized JSON with passwords and obtain plaintext credentials....

6.7CVSS6.1AI score0.00121EPSS
CVE
CVE
added 2025/09/10 12:35 p.m.17 views

CVE-2025-10223

The CVE-2025-10223 entry describes Insufficient Session Expiration (CWE-613) in the Web Admin Panel of AxxonSoft Axxon One (C‑Werk) on Windows, prior to version 2.0.3. The root cause is an unexpired session token allowing a local or remote authenticated attacker to retain access with removed priv...

8.1CVSS6.2AI score0.00234EPSS
CVE
CVE
added 2025/09/10 12:39 p.m.17 views

CVE-2025-10227

AxxonSoft Axxon One (C-Werk) before 2.0.8 suffers Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component. With physical access to exported storage or stolen drives, an attacker can extract archive data in plaintext due to encryption-at-rest not being used. Affected version...

5.1CVSS5.9AI score0.00071EPSS