Filtered by vendor Baesystems
Subscriptions
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-54964 | 1 Baesystems | 1 Socet Gxp | 2025-10-24 | 5.1 Medium |
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may inject arbitrary executables. If the Job Service is configured for local-only access, this may allow for privilege escalation in certain situations. If the Job Service is network accessible, this may allow remote command execution. | ||||
CVE-2025-54966 | 1 Baesystems | 1 Socet Gxp | 2025-10-24 | 5.1 Medium |
An issue was discovered in BAE SOCET GXP before 4.6.0.2. Some endpoints on the SOCET GXP Job Status Service may return sensitive information in certain situations, including local file paths and SOCET GXP version information. | ||||
CVE-2025-54963 | 1 Baesystems | 1 Socet Gxp | 2025-10-24 | 7.5 High |
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may submit a crafted job request that grants read access to files on the filesystem with the permissions of the GXP Job Service process. The path to a file is not sanitized for directory traversal, potentially allowing an attacker to read sensitive files in some configurations. |
Page 1 of 1.