Skip to main content

Write Back Manager

3 CVEs product

Monthly

CVE-2023-27172 CRITICAL POC Act Now

Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Write Back Manager
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-27170 HIGH POC This Week

Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal Write Back Manager
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-27169 MEDIUM This Month

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Write Back Manager
NVD
CVSS 3.1
6.5
EPSS
0.3%
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Write Back Manager
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal Write Back Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Write Back Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy