CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1683 – Symbolic Link Exploit in 1E Client's - Nomad module allows Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2025-1683
12 Mar 2025 — Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links. • https://capec.mitre.org/data/definitions/27.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-45160 – Elevated Temp Directory Execution in 1E Client
https://notcve.org/view.php?id=CVE-2023-45160
05 Oct 2023 — In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch. Resolution: This has been fixed in patch Q23094 This issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Su... • https://1e.my.site.com/s • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-45159 – 1E Client installer can perform arbitrary file deletion on protected files
https://notcve.org/view.php?id=CVE-2023-45159
05 Oct 2023 — 1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available from the 1E support portal that forces the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID. for v8.1 use hotfix Q23097 for v8.4 use hotf... • https://www.1e.com/trust-security-compliance/cve-info • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27645
https://notcve.org/view.php?id=CVE-2020-27645
29 Dec 2020 — The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges. El módulo Inventory del 1E Client versión 5.0.0.745, no maneja una ruta sin comillas cuando se ejecuta %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. Esto puede permitir a los usuarios locales y los usuarios autenticados remotos obtener privilegios elevado... • https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645 • CWE-428: Unquoted Search Path or Element •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27644
https://notcve.org/view.php?id=CVE-2020-27644
29 Dec 2020 — The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%\Temp\. El módulo Inventory de 1E Client versión 5.0.0.745, no maneja una ruta sin comillas al ejecutar %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. Esto puede permitir a los usuarios locales y los usua... • https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645 • CWE-428: Unquoted Search Path or Element •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27643
https://notcve.org/view.php?id=CVE-2020-27643
29 Dec 2020 — The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation. El directorio %PROGRAMDATA%\1E\Client en 1E Client versiones 5.0.0.745 y 4.1.0.267, permite a los usuarios autenticados remotos y a los usuarios locales crear y ... • https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-16268
https://notcve.org/view.php?id=CVE-2020-16268
29 Dec 2020 — The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disable the installation of the Nomad module. An attacker may craft a .reg file in a specific location that will be able to write to any registry key as an elevated user. El instalador MSI en 1E Client versiones 4.1.0.267 y 5.0.0.745, permite a los usuarios autenticados remotos ... • https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-668: Exposure of Resource to Wrong Sphere •