Vulnerabilities > 1E > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-06 | CVE-2023-45161 | Unspecified vulnerability in 1E Platform The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. | 7.2 |
| 2023-11-06 | CVE-2023-45163 | Unspecified vulnerability in 1E Platform The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. | 7.2 |
| 2023-11-06 | CVE-2023-5964 | Unspecified vulnerability in 1E Platform The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. | 7.2 |
| 2023-10-05 | CVE-2023-45160 | Files or Directories Accessible to External Parties vulnerability in 1E Client In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. | 8.8 |
| 2023-10-05 | CVE-2023-45159 | Link Following vulnerability in 1E Client 1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. | 8.4 |