cpe:2.3:a:atlassian:agiloft:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Atlassian (8acde0d4-2b83-5bd8-8d3f-60d59e0b022e)
Product: Agiloft (bbeca1b3-fb44-5bdd-985a-eb0242dc0efb)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier: CVE:CVE-2025-35115
cpeApplicability: vulnerable
Submitted: 2026-06-03 15:00:51.958488
db.gcve.eu details: Agiloft insecure download of system packages
HIGH (8.1)
Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30.
Published: 2025-08-26T22:18:30.538Z
Updated: 2025-08-29T18:27:45.417Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2025-35114
cpeApplicability: vulnerable
Submitted: 2026-06-03 15:00:51.958125
db.gcve.eu details: Agiloft local privilege escalation via default credentials
HIGH (7.5)
Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30.
Published: 2025-08-26T22:18:12.127Z
Updated: 2025-08-29T18:29:07.509Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2025-35113
cpeApplicability: vulnerable
Submitted: 2026-06-03 15:00:51.957671
db.gcve.eu details: Agiloft improper neutralization in EUI template engine
MEDIUM (5.9)
Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31.
Published: 2025-08-26T22:17:50.086Z
Updated: 2025-08-29T18:29:40.398Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2025-35112
cpeApplicability: vulnerable
Submitted: 2026-06-03 15:00:51.957100
db.gcve.eu details: Agiloft XML external entity local path traversal
MEDIUM (4.1)
Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31.
Published: 2025-08-26T22:19:20.235Z
Updated: 2025-08-29T18:26:12.502Z
Rationale: Imported from gcve-enriched-dumps CVE data
