Summary
Detail | |||
---|---|---|---|
Vendor | Xpand-It | First view | 2023-09-12 |
Product | Write-Back Manager | Last view | 2024-01-19 |
Version | | Type | Application |
Update | |||
Edition | |||
Language | |||
Software Edition | |||
Target Software | |||
Target Hardware | |||
Other |
COMMON PLATFORM ENUMERATION: Distribution per Version
CPE Name | Affected CVE |
---|---|
cpe:2.3:a:xpand-it:write-back_manager:2.3.1:*:*:*:*:*:*:* | 4 |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
9.8 | 2024-01-19 | CVE-2023-27168 | An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file. |
9.1 | 2023-12-20 | CVE-2023-27172 | Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a brute-force attack. |
7.5 | 2023-10-26 | CVE-2023-27170 | Xpand IT Write-back Manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter. |
6.5 | 2023-09-12 | CVE-2023-27169 | Xpand IT Write-back Manager v2.3.1 uses a hardcoded salt in the license class configuration, which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
25% (1) | CWE-798 | Use of Hard-coded Credentials |
25% (1) | CWE-434 | Unrestricted Upload of File with Dangerous Type |
25% (1) | CWE-307 | Improper Restriction of Excessive Authentication Attempts |
25% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |