Affected Products

Vendor / product matrix with CVE counts sourced from the CPE catalog.

Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
n-able
413240.4%CRITICAL

Related CVEs

13
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-11700N-central versions < 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosureHIGH8.498.0%Nov 12, 2025
CVE-2025-11367The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserializationCRITICAL10.038.7%Nov 12, 2025
CVE-2025-11366N-central < 2025.4 is vulnerable to authentication bypass via path traversalCRITICAL9.439.6%Nov 12, 2025
CVE-2025-10231An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstances, can allow a local low-level user to run commands with elevated permissions.HIGH7.82.0%Sep 10, 2025
CVE-2025-7051On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2.HIGH8.316.8%Aug 21, 2025
CVE-2025-8876Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.CRITICAL9.4KEV86.4%Aug 14, 2025
CVE-2025-8875Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.CRITICAL9.4KEV72.5%Aug 14, 2025
CVE-2024-8510N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Customer data is not exposed. This vulnerability is present in all deployments of N-central prior to N-central 2024.6.MEDIUM5.329.2%Mar 17, 2025
CVE-2023-37244The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0HIGH7.014.1%May 2, 2024
CVE-2023-47132An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.CRITICAL9.841.9%Feb 8, 2024
CVE-2023-47131The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file.HIGH7.538.8%Feb 8, 2024
CVE-2023-27470BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion.HIGH7.041.1%Sep 11, 2023
CVE-2023-30297An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server.HIGH7.06.3%Aug 4, 2023