Approved changes feed: RSS · Atom

cpe:2.3:a:1e:1e_platform:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor1E (78448ac2-d80c-5bdc-badd-1dcddc5dd1d4)
Product1E Platform (b982c884-34f2-51f1-b9ce-92a2603ced1b)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-7211 vulnerable 2026-06-08 06:58:21.523595 The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.
MEDIUM (4.7)
The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.
Published: 2024-08-01T16:49:47.597Z
Updated: 2025-06-18T18:41:03.926Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-45162 vulnerable 2026-06-08 06:12:42.079760 Blind SQL vulnerability in 1E platform
CRITICAL (9.9)
Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution.  Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix Q23169 SaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this
Published: 2023-10-13T12:48:01.359Z
Updated: 2025-06-18T18:41:07.315Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.