CVE-2025-10225
- EPSS 0.16%
- Veröffentlicht 10.09.2025 12:37:15
- Zuletzt bearbeitet 08.10.2025 12:15:35
Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) in the OpenSSL-based session module in AxxonSoft Axxon One (C-Werk) 2.0.6 and earlier on Windows allows a remote attacker under high load conditions to cause applicatio...
CVE-2025-10224
- EPSS 0.22%
- Veröffentlicht 10.09.2025 12:36:22
- Zuletzt bearbeitet 08.10.2025 12:15:35
Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One (C-Werk) 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group...
CVE-2025-10223
- EPSS 0.05%
- Veröffentlicht 10.09.2025 12:35:32
- Zuletzt bearbeitet 08.10.2025 12:15:35
Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One (C-Werk) prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired sess...
CVE-2025-10222
- EPSS 0.02%
- Veröffentlicht 10.09.2025 12:34:50
- Zuletzt bearbeitet 08.10.2025 12:15:34
Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) in the diagnostic dump component in AxxonSoft Axxon One VMS (C-Werk) 2.0.0 through 2.0.1 on Windows allows a local attacker to obtain licensing-related information such as timestamp...