cbcvebase.

Newforma Project Center vulnerabilities

14 known vulnerabilities affecting newforma/project_center.

Total CVEs
14
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH1MEDIUM9

Vulnerabilities

Page 1 of 1
CVE-2025-35050P2CRITICALCVSS 9.8v2024.3v*2025-10-09
CVE-2025-35050 [CRITICAL] CWE-306 CVE-2025-35050: Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server (NPCS), so a compromised NIX system can be used to attack an associ
nvd
CVE-2025-35051P2CRITICALCVSS 9.8v2024.3v*2025-10-09
CVE-2025-35051 [CRITICAL] CWE-306 CVE-2025-35051: Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endp Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. According to the recommended architecture, the vulnerable NPCS endpoint is only accessible on an internal network.
nvd
CVE-2025-35062P2CRITICALCVSS 9.8fixed in 2023.12025-10-09
CVE-2025-35062 [CRITICAL] CWE-276 CVE-2025-35062: Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication which Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication.
nvd
CVE-2025-35055P2HIGHCVSS 8.8fixed in 2023.12025-10-09
CVE-2025-35055 [HIGH] CWE-22 CVE-2025-35055: Newforma Info Exchange (NIX) '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated attacker t Newforma Info Exchange (NIX) '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated attacker to upload an arbitrary file to any location writable by the NIX application. An attacker can upload and run a web shell or other content executable by the web server. An attacker can also delete directories. In Newforma before 2023.1, anonymous access is
nvd
CVE-2024-32499P2CRITICALCVSS 9.8≤ 2023.3.0.322592025-04-28
CVE-2024-32499 [CRITICAL] CWE-94 CVE-2024-32499: Newforma Project Center Server through 2023.3.0.32259 allows remote code execution because .NET Remo Newforma Project Center Server through 2023.3.0.32259 allows remote code execution because .NET Remoting is exposed.
nvd
CVE-2025-35053P3MEDIUMCVSS 6.4≤ 2024.3v*+1 more2025-10-09
CVE-2025-35053 [MEDIUM] CWE-22 CVE-2025-35053: Newforma Info Exchange (NIX) accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying th Newforma Info Exchange (NIX) accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying the 'DownloadExportedPDF' command that allow an authenticated user to read and delete arbitrary files with 'NT AUTHORITY\NetworkService' privileges. In Newforma before 2023.1, anonymous access is enabled by default (CVE-2025-35062), allowing an otherwis
nvd
CVE-2025-35058P3MEDIUMCVSS 5.9fixed in 2023.22025-10-09
CVE-2025-35058 [MEDIUM] CWE-294 CVE-2025-35058: Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' allows a remote, unauthenticated Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the customer-configured NIX service account.
nvd
CVE-2025-35061P3MEDIUMCVSS 5.9fixed in 2023.22025-10-09
CVE-2025-35061 [MEDIUM] CWE-294 CVE-2025-35061: Newforma Info Exchange (NIX) '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauth Newforma Info Exchange (NIX) '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account.
nvd
CVE-2025-35057P3MEDIUMCVSS 5.3fixed in 2024.32025-10-09
CVE-2025-35057 [MEDIUM] CWE-294 CVE-2025-35057: Newforma Info Exchange (NIX) '/RemoteWeb/IntegrationServices.ashx' allows a remote, unauthenticated Newforma Info Exchange (NIX) '/RemoteWeb/IntegrationServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the NIX service account.
nvd
CVE-2025-35052P4MEDIUMCVSS 5.3≤ 2024.3fixed in 2024.12025-10-09
CVE-2025-35052 [MEDIUM] CWE-321 CVE-2025-35052: Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypt Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shared across NIX installations. NIX 2023.3 and 2024.1 l
nvd
CVE-2025-35056P4MEDIUMCVSS 5.0fixed in 2024.12025-10-09
CVE-2025-35056 [MEDIUM] CVE-2025-35056: Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' 'StreamStampImage' accepts an enc Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' 'StreamStampImage' accepts an encrypted file path and returns an image of the specified file. An authenticated attacker can read arbitrary files subject to the privileges of NIX, typically 'NT AUTHORITY\NetworkService', and the ability of StreamStampImage to process the file. The encrypted f
nvd
CVE-2025-35059P4MEDIUMCVSS 6.1fixed in 2024.12025-10-09
CVE-2025-35059 [MEDIUM] CWE-601 CVE-2025-35059: Newforma Info Exchange (NIX) '/DownloadWeb/hyperlinkredirect.aspx' provides an unauthenticated URL r Newforma Info Exchange (NIX) '/DownloadWeb/hyperlinkredirect.aspx' provides an unauthenticated URL redirect via the 'nhl' parameter.
nvd
CVE-2025-35060P4MEDIUMCVSS 5.4fixed in 2024.12025-10-09
CVE-2025-35060 [MEDIUM] CWE-79 CVE-2025-35060: Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authent Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent.
nvd
CVE-2025-35054P4MEDIUMCVSS 5.3≤ 2024.3v*+1 more2025-10-09
CVE-2025-35054 [MEDIUM] CWE-257 CVE-2025-35054: Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Nod Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker ma
nvd
Newforma Project Center vulnerabilities | cvebase