Filtered by vendor N-able
Subscriptions
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37244 | 2 Microsoft, N-able | 2 Windows, Automation Manager | 2025-07-22 | 5.3 Medium |
| The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0 | ||||
| CVE-2024-5322 | 1 N-able | 1 N-central | 2025-07-13 | 9.1 Critical |
| The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass. This vulnerability is present in all Entra-supported deployments of N-central prior to 2024.3. | ||||
| CVE-2023-47132 | 1 N-able | 1 N-central | 2025-06-11 | 9.8 Critical |
| An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls. | ||||
| CVE-2024-8510 | 1 N-able | 1 N-central | 2025-03-18 | 5.3 Medium |
| N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Customer data is not exposed. This vulnerability is present in all deployments of N-central prior to N-central 2024.6. | ||||
| CVE-2024-28200 | 1 N-able | 1 N-central | 2024-11-21 | 9.1 Critical |
| The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild. | ||||
| CVE-2023-47131 | 4 Google, Microsoft, Mozilla and 1 more | 4 Chrome, Edge, Firefox and 1 more | 2024-11-21 | 7.5 High |
| The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file. | ||||
| CVE-2023-30297 | 1 N-able | 1 N-central | 2024-11-21 | 7.0 High |
| An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server. | ||||
| CVE-2023-27470 | 2 Microsoft, N-able | 2 Windows, Take Control | 2024-11-21 | 7.0 High |
| BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion. | ||||
Page 1 of 1.