ysoft CVE Vulnerabilities & Metrics

Focus on ysoft vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About ysoft Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with ysoft. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total ysoft CVEs: 6
Earliest CVE date: 21 Mar 2019, 16:00 UTC
Latest CVE date: 22 Oct 2024, 16:15 UTC

Latest CVE reference: CVE-2022-23862

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical ysoft CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.33

Max CVSS: 7.2

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	4
4.0-6.9	1
7.0-8.9	1
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS ysoft CVEs

These are the five CVEs with the highest CVSS scores for ysoft, sorted by severity first and recency.

CVE-2021-31859 ysoft Published on 14 Jul 2021, 17:15 UTC (CVSS: 7.2)
Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allows local user privilege escalation by overwriting the executable file via an alternative data stream.
CVE-2018-15498 ysoft Published on 21 Mar 2019, 16:00 UTC (CVSS: 6.8)
YSoft SafeQ Server 6 allows a replay attack.
CVE-2022-23862 ysoft Published on 22 Oct 2024, 16:15 UTC (CVSS: 0)
A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user.
CVE-2022-23861 ysoft Published on 22 Oct 2024, 16:15 UTC (CVSS: 0)
Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be leveraged to perform XSS attacks on legitimate users accessing the SafeQ web interface.
CVE-2023-35833 ysoft Published on 13 Jul 2023, 17:15 UTC (CVSS: 0)
An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When modifying the URL of the LDAP server configuration from LDAPS to LDAP, the system does not require the password to be (re)entered. This results in exposing cleartext credentials when connecting to a rogue LDAP server. NOTE: the vendor originally reported this as a security issue but then reconsidered because of the requirement ...

All CVEs for ysoft

CVE-2022-23862 ysoft vulnerability CVSS: 0 22 Oct 2024, 16:15 UTC

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user.

CVE-2022-23861 ysoft vulnerability CVSS: 0 22 Oct 2024, 16:15 UTC

Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be leveraged to perform XSS attacks on legitimate users accessing the SafeQ web interface.

CVE-2023-35833 ysoft vulnerability CVSS: 0 13 Jul 2023, 17:15 UTC

An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When modifying the URL of the LDAP server configuration from LDAPS to LDAP, the system does not require the password to be (re)entered. This results in exposing cleartext credentials when connecting to a rogue LDAP server. NOTE: the vendor originally reported this as a security issue but then reconsidered because of the requirement for Admin access in order to change the configuration.

CVE-2022-38176 ysoft vulnerability CVSS: 0 06 Sep 2022, 21:15 UTC

An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as CVE-2021-31859.

CVE-2021-31859 ysoft vulnerability CVSS: 7.2 14 Jul 2021, 17:15 UTC

Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allows local user privilege escalation by overwriting the executable file via an alternative data stream.

CVE-2018-15498 ysoft vulnerability CVSS: 6.8 21 Mar 2019, 16:00 UTC

YSoft SafeQ Server 6 allows a replay attack.