workforceroi 相關的公開 CVE 漏洞與安全風險資訊,提供 CVSS、EPSS、公開時間與漏洞情報資料,協助評估潛在風險與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2002-0487 | Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache. | [email protected] | 4.6 | 0.44% | 2002-08-12 | 2026-06-16 |
| CVE-2002-0486 | Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges. | [email protected] | 7.2 | 0.79% | 2002-08-12 | 2026-06-16 |
| CVE-2002-0584 | WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets by modifying the TSN ID parameter to the ts_app_process.asp script, which is easily guessable because it is incremented by 1 for each new timesheet. | [email protected] | 5.0 | 1.77% | 2002-06-18 | 2026-06-16 |
| CVE-2002-0583 | WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric characters) for temporary expense claim reports in the /reports/temp directory, which allows remote attackers to read the reports via a brute force attack. | [email protected] | 5.0 | 1.60% | 2002-06-18 | 2026-06-16 |
| CVE-2002-0582 | WorkforceROI Xpede 4.1 stores temporary expense claim reports in a world-readable and indexable /reports/temp directory, which allows remote attackers to read the reports by accessing the directory. | [email protected] | 5.0 | 1.60% | 2002-06-18 | 2026-06-16 |
| CVE-2002-0581 | WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database via the Qry parameter in the sprc.asp script. | [email protected] | 7.5 | 1.57% | 2002-06-18 | 2026-06-16 |
| CVE-2002-0580 | WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute force password guessing attacks. | [email protected] | 7.5 | 1.57% | 2002-06-18 | 2026-06-16 |
| CVE-2002-0579 | WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as an Xpede administrator via a direct HTTP request to the /admin/adminproc.asp script, which does not prompt for a password. | [email protected] | 7.5 | 1.57% | 2002-06-18 | 2026-06-16 |