Vulnerabilities (CVE)

Filtered by vendor Xpand-it Subscribe

Filtered by product Write-back Manager

Total 4 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-27168	1 Xpand-it	1 Write-back Manager	2024-01-25	N/A	9.8 CRITICAL
An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file.
CVE-2023-27172	1 Xpand-it	1 Write-back Manager	2024-01-02	N/A	9.1 CRITICAL
Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack.
CVE-2023-27170	1 Xpand-it	1 Write-back Manager	2023-12-10	N/A	7.5 HIGH
Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter.
CVE-2023-27169	1 Xpand-it	1 Write-back Manager	2023-12-10	N/A	6.5 MEDIUM
Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation.