VYPR

SafeQ 6

by Y Soft

CVEs (6)

  • CVE-2025-13175MedJan 14, 2026
    risk 0.33cvss epss 0.00

    Y Soft SafeQ 6 renders the Workflow Connector password field in a way that allows an administrator with UI access to reveal the value using browser developer/inspection tools. The affected customers are only those with a password-protected scan workflow connector. This issue…

  • CVE-2022-23862Oct 22, 2024
    risk 0.00cvss epss 0.00

    A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is…

  • CVE-2022-23861Oct 22, 2024
    risk 0.00cvss epss 0.00

    Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code.…

  • CVE-2023-35833Jul 13, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When modifying the URL of the LDAP server configuration from LDAPS to LDAP, the system does not require the password to be (re)entered. This results in exposing cleartext credentials when connecting to a rogue LDAP…

  • CVE-2022-38176Sep 6, 2022
    risk 0.00cvss epss 0.00

    An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is…

  • CVE-2021-31859Jul 14, 2021
    risk 0.00cvss epss 0.00

    Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allows local user privilege escalation by overwriting the executable file via an alternative data stream.