CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-32764
https://notcve.org/view.php?id=CVE-2023-32764
Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator. • https://help.supportservices.fabasoft.com/index.php?topic=doc/Vulnerabilities-Fabasoft-Folio/vulnerabilities-2023.htm#client-autoupdate-harmful-code-installation-vulnerability-pdo06614- https://www.compass-security.com/fileadmin/Research/Advisories/2023_01_CSNC-2023-002_LPE_Cloud_Client.txt •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29908
https://notcve.org/view.php?id=CVE-2022-29908
The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 allows Local Privilege Escalation. El servicio folioupdate en Fabasoft Cloud Enterprise Client 22.4.0043 permite una Escalada de Privilegios Local • https://help.cloud.fabasoft.com/index.php?topic=doc/Technical-Information-eng/the-fabasoft-cloud-enterprise-client.htm https://www.compass-security.com/fileadmin/Research/Advisories/2022_13_CSNC-2022-010_LPE_Cloud_Client.txt • CWE-295: Improper Certificate Validation •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7560
https://notcve.org/view.php?id=CVE-2014-7560
The Fabasoft Cloud (aka com.fabasoft.android.cmis.folio_cloud) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación para Android Fabasoft Cloud (también conocido como com.fabasoft.android.cmis.folio_cloud) 3.0.1 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información sensible a través de un certificado manipulado. • http://www.kb.cert.org/vuls/id/178753 http://www.kb.cert.org/vuls/id/582497 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing • CWE-310: Cryptographic Issues •