Lucene search
K
Xpand-itWrite-back Manager

4 matches found

CVE
CVE
added 2024/01/19 12:0 a.m.53 views

CVE-2023-27168

CVE-2023-27168 affects Xpand IT Write-back Manager, version 2.3.1. The vulnerability is an arbitrary file upload that allows attackers to execute arbitrary code via a crafted JSP file. The connected PT-2024-12123 entry confirms the affected product/version and provides a practical workaround: res...

9.8CVSS9.4AI score0.01144EPSS
CVE
CVE
added 2023/10/26 12:0 a.m.49 views

CVE-2023-27170

Xpand IT Write-back Manager, version 2.3.1, is affected by a directory traversal vulnerability triggered by modifying the siteName parameter. The issue enables attackers to access sensitive files/directories, constituting a high-severity impact per CVE-2023-27170. Documented attempts and descript...

7.5CVSS7.5AI score0.00787EPSS
CVE
CVE
added 2023/12/20 12:0 a.m.44 views

CVE-2023-27172

CVE-2023-27172 affects Xpand IT Write-back Manager v2.3.1. The issue is the use of weak (hardcoded/guessable) JWT signing keys, enabling brute-force recovery of the signing key and impersonation of users. The vulnerability enables potential unauthorized access with high impact on confidentiality ...

9.1CVSS8.9AI score0.00669EPSS
CVE
CVE
added 2023/09/12 12:0 a.m.43 views

CVE-2023-27169

CVE-2023-27169 affects Xpand IT Write-back manager version 2.3.1. A hardcoded salt in the license class configuration leads to generation of a hardcoded and predictable symmetric encryption key used for license generation and validation. Impact is described as creation/validation of licenses with...

6.5CVSS6.4AI score0.00263EPSS