Xpand-It: >> Write-Back Manager Security Vulnerabilities
An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-01-19
Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack.
CVSS Score
9.1
EPSS Score
0.001
Published
2023-12-20
Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2023-10-26
Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-09-12