1e Platform
6 CVEs affecting 1e Platform. Latest disclosed: 2025-03-12. Critical: 4, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-5964 | Critical | 9.9 | 2023-11-06 | The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Cap… |
CVE-2023-45163 | Critical | 9.9 | 2023-11-06 | The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input paramete… |
CVE-2023-45161 | Critical | 9.9 | 2023-11-06 | The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter… |
CVE-2023-45162 | Critical | 9.9 | 2023-10-13 | Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediat… |
CVE-2025-1683 | High | 7.8 | 2025-03-12 | Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access… |
CVE-2024-7211 | Medium | 4.7 | 2024-08-01 | The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to cont… |