Vulnerabilities > Kioware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-14 | CVE-2024-3459 | Unspecified vulnerability in Kioware KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. | 7.8 |
| 2024-05-14 | CVE-2024-3460 | Unspecified vulnerability in Kioware In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already opened applications utilizing a short time window before the forced automatic logout occurs. | 7.0 |
| 2024-05-14 | CVE-2024-3461 | Improper Restriction of Excessive Authentication Attempts vulnerability in Kioware KioWare for Windows (versions all through 8.35) allows to brute force the PIN number, which protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number. | 5.5 |
| 2023-06-19 | CVE-2023-34641 | Unspecified vulnerability in Kioware KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. | 7.8 |
| 2023-06-19 | CVE-2023-34642 | Unspecified vulnerability in Kioware KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. | 7.8 |
| 2023-03-06 | CVE-2022-44875 | Cross-site Scripting vulnerability in Kioware KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code. | 5.4 |
| 2019-03-21 | CVE-2018-18435 | Incorrect Permission Assignment for Critical Resource vulnerability in Kioware Server KioWare Server version 4.9.6 and older installs by default to "C:\kioware_com" with weak folder permissions granting any user full permission "Everyone: (F)" to the contents of the directory and it's sub-folders. | 7.8 |