Vulnerabilities > 1E > Client > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-05 | CVE-2023-45160 | Files or Directories Accessible to External Parties vulnerability in 1E Client In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. | 8.8 |
| 2023-10-05 | CVE-2023-45159 | Link Following vulnerability in 1E Client 1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. | 8.4 |