Total: 4 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-10223 | 1 Axxonsoft | 1 Axxon One | 2025-10-06 | N/A | 5.4 MEDIUM |
Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration. | |||||
CVE-2025-10222 | 1 Axxonsoft | 1 Axxon One | 2025-10-06 | N/A | 3.3 LOW |
Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) in the diagnostic dump component in AxxonSoft Axxon One VMS 2.0.0 through 2.0.1 on Windows allows a local attacker to obtain licensing-related information such as timestamps, license states, and registry values via reading diagnostic export files created by the built-in troubleshooting tool. | |||||
CVE-2025-10224 | 1 Axxonsoft | 1 Axxon One | 2025-10-06 | N/A | 5.4 MEDIUM |
Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login. | |||||
CVE-2025-10225 | 1 Axxonsoft | 1 Axxon One | 2025-10-06 | N/A | 7.5 HIGH |
Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) in the OpenSSL-based session module in AxxonSoft Axxon One 2.0.6 and earlier on Windows allows a remote attacker under high load conditions to cause application crashes or unpredictable behavior via triggering memory reallocation errors when handling expired session keys. |