1e: >> Platform >> 23.11.1.15 Security Vulnerabilities
Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-03-12
The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.
Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.
CVSS Score
4.7
EPSS Score
0.001
Published
2024-08-01