CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-45160 – Elevated Temp Directory Execution in 1E Client
https://notcve.org/view.php?id=CVE-2023-45160
05 Oct 2023 — In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch. Resolution: This has been fixed in patch Q23094 This issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Su... • https://1e.my.site.com/s • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-45159 – 1E Client installer can perform arbitrary file deletion on protected files
https://notcve.org/view.php?id=CVE-2023-45159
05 Oct 2023 — 1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available from the 1E support portal that forces the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID. for v8.1 use hotfix Q23097 for v8.4 use hotf... • https://www.1e.com/trust-security-compliance/cve-info • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1106
https://notcve.org/view.php?id=CVE-2008-1106
09 Jun 2008 — The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files. La interfaz de administración de Akamai Client (formerly Red Swoosh) 3322 y versiones anteriores permite a atacante... • http://secunia.com/advisories/30135 • CWE-287: Improper Authentication CWE-352: Cross-Site Request Forgery (CSRF) •