Xpand-it

Write-back Manager

4 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2023-27168

Exploit
  • EPSS 0.24%
  • Published 19.01.2024 14:15:12
  • Last modified 02.06.2025 15:15:22

An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file.

9.1

CVE-2023-27172

Exploit
  • EPSS 0.08%
  • Published 20.12.2023 01:15:07
  • Last modified 06.05.2025 19:15:58

Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack.

7.5

CVE-2023-27170

Exploit
  • EPSS 0.57%
  • Published 26.10.2023 23:15:09
  • Last modified 21.11.2024 07:52:25

Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter.

6.5

CVE-2023-27169

  • EPSS 0.16%
  • Published 12.09.2023 12:15:07
  • Last modified 21.11.2024 07:52:25

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation.