Xpand-it Write-back Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Xpand-it Write-back Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2023-27168 — CVSS 9.8 (critical): An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp…
CVE-2023-27172 — CVSS 9.1 (critical): Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to…
CVE-2023-27170 — CVSS 7.5 (high): Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter.
CVE-2023-27169 — CVSS 6.5 (medium): Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and…