4 matches found
CVE-2023-27168
CVE-2023-27168 affects Xpand IT Write-back Manager, version 2.3.1. The vulnerability is an arbitrary file upload that allows attackers to execute arbitrary code via a crafted JSP file. The connected PT-2024-12123 entry confirms the affected product/version and provides a practical workaround: res...
CVE-2023-27170
Xpand IT Write-back Manager, version 2.3.1, is affected by a directory traversal vulnerability triggered by modifying the siteName parameter. The issue enables attackers to access sensitive files/directories, constituting a high-severity impact per CVE-2023-27170. Documented attempts and descript...
CVE-2023-27172
CVE-2023-27172 affects Xpand IT Write-back Manager v2.3.1. The issue is the use of weak (hardcoded/guessable) JWT signing keys, enabling brute-force recovery of the signing key and impersonation of users. The vulnerability enables potential unauthorized access with high impact on confidentiality ...
CVE-2023-27169
CVE-2023-27169 affects Xpand IT Write-back manager version 2.3.1. A hardcoded salt in the license class configuration leads to generation of a hardcoded and predictable symmetric encryption key used for license generation and validation. Impact is described as creation/validation of licenses with...