CVE-2025-35062

Medium CVSS: 6.9

Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication.

Vendor

Newforma

Product

Project Center

CWE

CWE-276

Yayın Tarihi

2025-10-09 21:15:37

Güncelleme

2025-10-22 16:51:37

Source Identifier

9119a7d8-5eab-497f-8521-727c672e3725

KEV Date Added

Kategoriler

CWE-276 Project Center MEDIUM Newforma 2025

Referanslar

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json https://www.cve.org/CVERecord?id=CVE-2025-35062

Benzer Kayıtlar

Medium

CVE-2025-35059

Newforma Info Exchange (NIX) '/DownloadWeb/hyperlinkredirect.aspx' provides an unauthenticated URL redirect via the 'nhl…

Medium

CVE-2025-35060

Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to u…

High

CVE-2025-35061

Newforma Info Exchange (NIX) '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker t…

Medium

CVE-2025-35052

Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values…

Medium

CVE-2025-35053

Newforma Info Exchange (NIX) accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying the 'DownloadExportedP…

Medium

CVE-2025-35054

Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\\Credenti…