3 results (0.004 seconds)

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-43922

https://notcve.org/view.php?id=CVE-2025-43922

21 Apr 2025 — The FileWave Windows client before 16.0.0, in some non-default configurations, allows an unprivileged local user to escalate privileges to SYSTEM. El cliente FileWave Windows anterior a la versión 16.0.0, en algunas configuraciones no predeterminadas, permite que un usuario local sin permisos escale privilegios a SYSTEM. • https://kb.filewave.com/books/downloads/page/filewave-version-1603 • CWE-863: Incorrect Authorization •

CVSS: 7.8EPSS: 8%CPEs: 2EXPL: 1

CVE-2022-34906

https://notcve.org/view.php?id=CVE-2022-34906

25 Jul 2022 — A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and even send crafted requests. Es usada una clave criptográfica embebida en FileWave versiones anteriores a 14.6.3 y versiones 14.7.x anteriores a 14.7.2. La explotación podría permitir a un actor no autenticado descifrar información confidencial guardada en FileWave, e incluso enviar peticiones diseñadas • https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm • CWE-798: Use of Hard-coded Credentials •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1

CVE-2022-34907

https://notcve.org/view.php?id=CVE-2022-34907

25 Jul 2022 — An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest authority possible and gain full control over the FileWave platform. Se presenta una vulnerabilidad de omisión de autenticación en FileWave versiones anteriores a 14.6.3 y versiones 14.7.x anteriores a 14.7.2. Su explotación podría permitir a un actor no autenticado acceder al sistema con la máxima autoridad posible ... • https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm • CWE-798: Use of Hard-coded Credentials •