Vulnerability Details : CVE-2023-27169
Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation.
Products affected by CVE-2023-27169
- cpe:2.3:a:xpand-it:write-back_manager:2.3.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-27169
0.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 38 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-27169
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
3.9
|
2.5
|
NIST |
CWE ids for CVE-2023-27169
-
The product contains hard-coded credentials, such as a password or cryptographic key.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-27169
-
https://writeback4t.com
Write-Back: Tableau Extension - Input data, Write now!Product
-
https://balwurk.com/cve-use-of-hard-coded-cryptographic-key/
CVE-2023-27169 - Use of Hard-coded Cryptographic Key - BalwurkThird Party Advisory
-
https://www.xpand-it.com
Experts in Big Data, Business Intelligence, Middleware & MobileProduct
-
https://balwurk.com
Homepage - BalwurkNot Applicable
Jump to