Newforma Info Exchange SMB Connection Vulnerability via IntegrationServices.ashx

Vulnerability

A vulnerability in Newforma Info Exchange (NIX) allows remote, unauthenticated attackers to induce the application to establish an SMB connection with an attacker-controlled system. This exploitation enables the attacker to capture the NTLMv2 hash of the NIX service account. The issue is present in NIX versions prior to 2024.3.

Impact

Exploitation of this vulnerability allows for forced NTLMv2 authentication, enabling the capture of NTLMv2 hashes, which could be used in pass-the-hash attacks or to impersonate the NIX service account.

Added: Oct 9, 2025, 9:30 PM

Updated: Oct 9, 2025, 9:30 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Newforma Info Exchange SMB Connection Vulnerability via IntegrationServices.ashx

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating