Approved changes feed: RSS · Atom

cpe:2.3:a:1e:platform:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor1E (78448ac2-d80c-5bdc-badd-1dcddc5dd1d4)
ProductPlatform (51e69eb7-e770-54e1-9e42-1946e8fbeb19)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-1683 vulnerable 2026-06-08 07:08:37.584744 Symbolic Link Exploit in 1E Client's - Nomad module allows Arbitrary File Deletion
HIGH (7.8)
Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links.
Published: 2025-03-12T15:25:27.765Z
Updated: 2025-06-18T18:40:59.816Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-5964 vulnerable 2026-06-08 06:19:45.249710 1E-Exchange-DisplayMessage instruction allows for arbitrary code execution
CRITICAL (9.9)
The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients. To remediate this issue DELETE the instruction “Show dialogue with caption %Caption% and message %Message%” from the list of instructions in the Settings UI, and replace it with the new instruction 1E-Exchange-ShowNotification instruction available in the updated End-User Interaction product pack. The new instruction should show as “Show %Type% type notification with header %Header% and message %Message%” with a version of 7.1 or above.
Published: 2023-11-06T12:27:12.281Z
Updated: 2025-06-12T14:19:29.853Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-45163 vulnerable 2026-06-08 06:12:42.084673 1E-Exchange-CommandLinePing instruction before v18.1 allows for arbitrary code execution
CRITICAL (9.9)
The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients. To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI
Published: 2023-11-06T12:19:20.662Z
Updated: 2025-06-18T18:41:08.905Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-45161 vulnerable 2026-06-08 06:12:42.078487 1E-Exchange-URLResponseTime instruction before v20.1 allows arbitrary code execution
CRITICAL (9.9)
The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients. To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1 by uploading it through the 1E Platform instruction upload UI
Published: 2023-11-06T12:13:09.083Z
Updated: 2025-06-18T18:41:05.819Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.