Every CVE whose affected-product data names 1e Platform, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2023-45161 — CVSS 9.9 (critical): The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly…
CVE-2023-45162 — CVSS 9.9 (critical): Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the…
CVE-2023-45163 — CVSS 9.9 (critical): The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly…
CVE-2023-5964 — CVSS 9.9 (critical): The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not…
CVE-2025-1683 — CVSS 7.8 (high): Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local…
CVE-2024-7211 — CVSS 4.7 (medium): The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting…