Vulnerabilities > Xpand IT > Write Back Manager > 2.3.1

DATE CVE VULNERABILITY TITLE RISK
2024-01-19 CVE-2023-27168 Unrestricted Upload of File with Dangerous Type vulnerability in Xpand-It Write-Back Manager 2.3.1
An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file.
network
low complexity
xpand-it CWE-434
critical
 9.8
9.8
2023-12-20 CVE-2023-27172 Improper Restriction of Excessive Authentication Attempts vulnerability in Xpand-It Write-Back Manager 2.3.1
Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens.
network
low complexity
xpand-it CWE-307
critical
 9.1
9.1
2023-10-26 CVE-2023-27170 Path Traversal vulnerability in Xpand-It Write-Back Manager 2.3.1
Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter.
network
high complexity
xpand-it CWE-22
7.5
7.5
2023-09-12 CVE-2023-27169 Use of Hard-coded Credentials vulnerability in Xpand-It Write-Back Manager 2.3.1
Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation.
network
low complexity
xpand-it CWE-798
6.5
6.5