MidnightBSD

Advisories for fujixerox

CVE-2017-10848 HIGH

Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-426,

Products Affected

Vendor Product Version
fujixerox docuworks_viewer_light *
fujixerox docuworks *
CVE-2017-10849 HIGH

Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-426,

Products Affected

Vendor Product Version
fujixerox docuworks *
CVE-2017-10851 HIGH

Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-426,

Products Affected

Vendor Product Version
fujixerox contentsbridge_utility *
CVE-2018-16709 HIGH

Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, ApeosPort-V C3375, DocuCentre-VI C2271, ApeosPort-V C5576, DocuCentre-IV C2263, DocuCentre-V C2263, and ApeosPort-V 5070 devices allow remote attackers to read or write to files via crafted PJL commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fujixerox docucentre-v_3065_firmware -
fujixerox apeosport-v_c5576_firmware -
fujixerox apeosport-v_5070_firmware -
fujixerox apeosport-vi_c3371_firmware -
fujixerox apeosport-v_c4475_firmware -
fujixerox docucentre-iv_c2263_firmware -
fujixerox docucentre-vi_c2271_firmware -
fujixerox docucentre-v_c2263_firmware -
fujixerox apeosport-v_c3375_firmware -
CVE-2019-16307 MEDIUM

A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
fujixerox docushare *
CVE-2019-6004 MEDIUM

Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
fujixerox apeosware_management_suite *
fujixerox apeosware_management_suite_2 *
CVE-2020-5520 MEDIUM

The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
fujixerox netprint *
CVE-2020-5521 MEDIUM

The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
fujixerox easy_netprint *
CVE-2020-5522 MEDIUM

The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
fujixerox easy_netprint *
CVE-2020-5526 MEDIUM

The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
fujixerox apeosware_management_suite *
CVE-2021-20679 HIGH

Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273, DocuCentre-VII C7788/C6688/C5588, ApeosPort-VII C7773/C6673/C5573/C4473/C3373/C3372 C2273, ApeosPort-VII C7788/C6688/C5588, ApeosPort C7070/C6570/C5570/C4570/C3570/C3070/C7070G/C6570G/C5570G/C4570G/C3570G/C3070G, ApeosPort-VII C4421/C3321, ApeosPort C3060/C2560/C2060/C3060G/C2560G/C2060G, ApeosPort-VII CP4421, ApeosPort Print C5570, ApeosPort 5570/4570/5570G/4570G, ApeosPort 3560/3060/2560/3560G/3060G/2560G, ApeosPort-VII 5021/ 4021, ApeosPort-VII P5021, DocuPrint CP 555 d/505 d, DocuPrint P505 d, PrimeLink C9065/C9070, DocuPrint CP475AP, and DocuPrint P475AP) allow an attacker to cause a denial of service (DoS) condition and abnormal end (ABEND) of the affected products via sending a specially crafted command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fujixerox apeosport_c2560g_firmware -
fujixerox docucentre-vii_c4473_firmware -
fujixerox apeosport-vii_cp4422_firmware -
fujixerox primelink_c9070_firmware -
fujixerox apeosport_c2570_firmware -
fujixerox apeosport_4570_firmware -
fujixerox apeosport_c3570g_firmware -
fujixerox apeosport-vii_c3373_firmware -
fujixerox apeosport-vii_c3372_firmware -
fujixerox apeosport-vii_c7773_firmware -
fujixerox apeosport_c2360_firmware -
fujixerox apeosport-vii_c5573_firmware -
fujixerox apeosport-vii_c4421_firmware -
fujixerox docucentre-vii_c7788_firmware -
fujixerox apeosport_c7070_firmware -
fujixerox apeosport_print_c5570_firmware -
fujixerox apeosport_c6570_firmware -
fujixerox apeosport_5570g_firmware -
fujixerox apeosport_c4570_firmware -
fujixerox apeosport_c6570g_firmware -
fujixerox apeosport_4570g_firmware -
fujixerox apeosport-vii_c3321_firmware -
fujixerox docuprint_cp_555_d_firmware -
fujixerox docuprint_cp475ap_firmware -
fujixerox docucentre-vii_c3372_firmware -
fujixerox docucentre-vii_c5588_firmware -
fujixerox apeosport_c4570g_firmware -
fujixerox apeosport-vii_5021_firmware -
fujixerox apeosport_c2060g_firmware -
fujixerox apeosport_3560g_firmware -
fujixerox apeosport_c5570_firmware -
fujixerox docuprint_cp_505_d_firmware -
fujixerox apeosport_print_c4570_firmware -
fujixerox apeosport-vii_cp4421_firmware -
fujixerox apeosport-vii_c4422_firmware -
fujixerox docucentre-vii_c5573_firmware -
fujixerox apeosport_2560g_firmware -
fujixerox apeosport_3060_firmware -
fujixerox apeosport-vii_5022_firmware -
fujixerox apeosport_c2560_firmware -
fujixerox apeosport-vii_c7788_firmware -
fujixerox docucentre-vii_c3373_firmware -
fujixerox primelink_c9065_firmware -
fujixerox apeosport_5570_firmware -
fujixerox apeosport-vii_c3322_firmware -
fujixerox apeosport-vii_p4022_firmware -
fujixerox docucentre-vii_c6688_firmware -
fujixerox docuprint_cp500_d_firmware -
fujixerox apeosport-vii_c6673_firmware -
fujixerox apeosport-vii_c6688_firmware -
fujixerox docucentre-vii_c7773_firmware -
fujixerox apeosport_3560_firmware -
fujixerox apeosport_c2060_firmware -
fujixerox apeosport_c3070g_firmware -
fujixerox apeosport_c3060_firmware -
fujixerox apeosport-vii_4021_firmware -
fujixerox docuprint_p505_d_firmware -
fujixerox docucentre-vii_c6673_firmware -
fujixerox apeosport-vii_c4473_firmware -
fujixerox apeosport_c7070g_firmware -
fujixerox apeosport-vii_c5588_firmware -
fujixerox apeosport-vii_p5021_firmware -
fujixerox docuprint_p475ap_firmware -
fujixerox apeosport-vii_cp3322_firmware -
fujixerox apeosport-vii_c2273_firmware -
fujixerox apeosport_1860_firmware -
fujixerox docucentre-vi_c2264_firmware -
fujixerox apeosport_c5570g_firmware -
fujixerox apeosport_c3570_firmware -
fujixerox apeosport_c3060g_firmware -
fujixerox apeosport_c3070_firmware -
fujixerox apeosport_3570_firmware -
fujixerox docucentre-vii_c2273_firmware -
fujixerox apeosport_2560_firmware -
fujixerox apeosport_3060g_firmware -