Xpand-it - Write-back Manager CVE - OpenCVE

Filtered by vendor Xpand-it Subscriptions

Filtered by product Write-back Manager Subscriptions

Total 4 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-27170	1 Xpand-it	1 Write-back Manager	2024-09-10	7.5 High
Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter.
CVE-2023-27168	1 Xpand-it	1 Write-back Manager	2024-08-02	9.8 Critical
An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file.
CVE-2023-27169	1 Xpand-it	1 Write-back Manager	2024-08-02	6.5 Medium
Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation.
CVE-2023-27172	1 Xpand-it	1 Write-back Manager	2024-08-02	9.1 Critical
Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack.

Page 1 of 1.