Filtered by vendor Ysoft
Subscribe
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35833 | 1 Ysoft | 1 Safeq Server | 2024-04-11 | N/A | 6.5 MEDIUM |
| An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When modifying the URL of the LDAP server configuration from LDAPS to LDAP, the system does not require the password to be (re)entered. This results in exposing cleartext credentials when connecting to a rogue LDAP server. NOTE: the vendor originally reported this as a security issue but then reconsidered because of the requirement for Admin access in order to change the configuration. | |||||
| CVE-2022-38176 | 1 Ysoft | 1 Safeq | 2023-12-10 | N/A | 7.8 HIGH |
| An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as CVE-2021-31859. | |||||
| CVE-2021-31859 | 1 Ysoft | 1 Safeq | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allows local user privilege escalation by overwriting the executable file via an alternative data stream. | |||||
| CVE-2018-15498 | 1 Ysoft | 2 Safeq Server, Safeq Server Client | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
| YSoft SafeQ Server 6 allows a replay attack. | |||||