Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Write\-Back_manager
(Xpand\-It)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-01-19 | CVE-2023-27168 | An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file. | Write\-Back_manager | 9.8 | ||
| 2023-12-20 | CVE-2023-27172 | Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack. | Write\-Back_manager | 9.1 | ||
| 2023-10-26 | CVE-2023-27170 | Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter. | Write\-Back_manager | 7.5 | ||
| 2023-09-12 | CVE-2023-27169 | Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation. | Write\-Back_manager | 6.5 |