Axxonsoft

Axxon One

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.6

CVE-2025-10227

  • EPSS 0.01%
  • Veröffentlicht 10.09.2025 12:39:12
  • Zuletzt bearbeitet 19.12.2025 13:48:18

Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive a...

9.8

CVE-2025-10226

  • EPSS 0.5%
  • Veröffentlicht 10.09.2025 12:38:42
  • Zuletzt bearbeitet 19.12.2025 13:54:04

Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-ser...

8.7

CVE-2025-10225

  • EPSS 0.21%
  • Veröffentlicht 10.09.2025 12:37:15
  • Zuletzt bearbeitet 08.10.2025 12:15:35

Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) in the OpenSSL-based session module in AxxonSoft Axxon One (C-Werk) 2.0.6 and earlier on Windows allows a remote attacker under high load conditions to cause applicatio...

7.1

CVE-2025-10224

  • EPSS 0.26%
  • Veröffentlicht 10.09.2025 12:36:22
  • Zuletzt bearbeitet 08.10.2025 12:15:35

Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One (C-Werk) 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group...

8.1

CVE-2025-10223

  • EPSS 0.06%
  • Veröffentlicht 10.09.2025 12:35:32
  • Zuletzt bearbeitet 08.10.2025 12:15:35

Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One (C-Werk) prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired sess...

4.8

CVE-2025-10222

  • EPSS 0.02%
  • Veröffentlicht 10.09.2025 12:34:50
  • Zuletzt bearbeitet 08.10.2025 12:15:34

Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) in the diagnostic dump component in AxxonSoft Axxon One VMS (C-Werk) 2.0.0 through 2.0.1 on Windows allows a local attacker to obtain licensing-related information such as timestamp...

6.7

CVE-2025-10221

  • EPSS 0.02%
  • Veröffentlicht 10.09.2025 12:31:52
  • Zuletzt bearbeitet 19.12.2025 14:24:48

Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on Windows platforms allows a local attacker to obtain plaintext credentials via reading TRACE log f...

9.8

CVE-2025-10220

  • EPSS 0.35%
  • Veröffentlicht 10.09.2025 12:28:39
  • Zuletzt bearbeitet 19.12.2025 14:34:29

Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code or bypass security features via exploitation of vuln...