HTTP server for Xerox DocuColor 4 LP allows remote attackers to cause a denial of service (hang) via a long URL that contains a large number of . characters.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | docucolor_4lp | * |
Xerox DocuPrint N40 Printers allow remote attackers to cause a denial of service via malformed data, such as that produced by the Code Red worm.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | docuprint_n40 | * |
The default configurations for DocuTech 6110 and DocuTech 6115 have a default administrative password of (1) "service!" on Solaris 8.0 or (2) "administ" on Windows NT, which allows remote attackers to gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | docutech_6110 | * |
| xerox | docutech_6115 | * |
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 allows remote attackers to connect to the web server and (1) submit print jobs directly into the "print now" queue or (2) read the scanner job history.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | docutech_6110 | * |
| xerox | docutech_6115 | * |
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 running Solaris 8.0 has a large number of unnecessary services enabled such as RPC and sprayd, which could allow remote attackers to obtain access to the device.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | docutech_6110 | * |
| xerox | docutech_6115 | * |
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 exports certain NFS shares to the world with world writable permissions, which may allow remote attackers to modify sensitive files.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | docutech_6110 | * |
| xerox | docutech_6115 | * |
Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, has an "unauthenticated account," which allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-1179.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_m175 | * |
| xerox | workcentre_65 | * |
| xerox | workcentre_65 | 1.001.00.060 |
| xerox | workcentre_90 | 1.001.02.084 |
| xerox | workcentre_175 | * |
| xerox | workcentre_45 | * |
| xerox | workcentre_m55 | 2.28.11.000 |
| xerox | workcentre_m35 | 2.97.20.032 |
| xerox | workcentre_75 | 1.001.02.084 |
| xerox | workcentre_32_color | 0.001.00.060 |
| xerox | workcentre_40_color | * |
| xerox | workcentre_m175 | 8.47.33.008 |
| xerox | workcentre_m55 | * |
| xerox | workcentre_2636 | 0.001.04.044 |
| xerox | workcentre_3545 | 0.001.04.044 |
| xerox | workcentre_m35 | 2.28.11.000 |
| xerox | workcentre_35 | * |
| xerox | workcentre_m175 | 8.47.30.000 |
| xerox | workcentre_3545 | * |
| xerox | workcentre_32_color | * |
| xerox | workcentre_m35 | 4.84.16.000 |
| xerox | workcentre_55 | 3.028.11.000 |
| xerox | workcentre_90 | * |
| xerox | workcentre_175 | 7.47.33.008 |
| xerox | workcentre_40_color | 0.001.00.060 |
| xerox | workcentre_m175 | 6.47.33.008 |
| xerox | workcentre_m55 | 4.84.16.000 |
| xerox | workcentre_m165 | 6.47.33.008 |
| xerox | workcentre_35 | 3.97.20.032 |
| xerox | workcentre_40_color | 0.001.02.081 |
| xerox | workcentre_165 | 7.47.33.008 |
| xerox | workcentre_m165 | 8.47.30.000 |
| xerox | workcentre_m35 | * |
| xerox | workcentre_165 | * |
| xerox | workcentre_165 | 7.47.30.000 |
| xerox | workcentre_55 | 3.97.20.032 |
| xerox | workcentre_m165 | * |
| xerox | workcentre_m165 | 6.47.30.000 |
| xerox | workcentre_m175 | 6.47.30.000 |
| xerox | workcentre_75 | 1.001.00.060 |
| xerox | workcentre_35 | 3.028.11.000 |
| xerox | workcentre_m45 | 2.28.11.000 |
| xerox | workcentre_m45 | 4.84.16.000 |
| xerox | workcentre_m45 | * |
| xerox | workcentre_175 | 7.47.30.000 |
| xerox | workcentre_2128 | 0.001.04.044 |
| xerox | workcentre_55 | * |
| xerox | workcentre_90 | 1.001.00.060 |
| xerox | workcentre_65 | 1.001.02.084 |
| xerox | workcentre_m165 | 8.47.33.008 |
| xerox | workcentre_2128 | * |
| xerox | workcentre_45 | 3.028.11.000 |
| xerox | workcentre_m55 | 2.97.20.032 |
| xerox | workcentre_32_color | 0.001.02.081 |
| xerox | workcentre_75 | * |
| xerox | workcentre_45 | 3.97.20.032 |
| xerox | workcentre_m45 | 2.97.20.032 |
| xerox | workcentre_2636 | * |
Unknown vulnerability in Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, related to SNMP authentication, allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-0703.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_32_color | 01.02.058.4 |
| xerox | workcentre | 32_color_1.2.81 |
| xerox | workcentre_65 | 1.001.00.060 |
| xerox | workcentre_90 | 1.001.02.084 |
| xerox | workcentre_40_color | 01.02.65.1 |
| xerox | workcentre_m55 | 2.28.11.000 |
| xerox | workcentre_m55 | 4.97.20.032 |
| xerox | workcentre_m35 | 2.97.20.032 |
| xerox | workcentre_75 | 1.001.02.084 |
| xerox | workcentre_m175 | 8.47.33.008 |
| xerox | workcentre_2636 | 0.001.04.044 |
| xerox | workcentre_3545 | 0.001.04.044 |
| xerox | workcentre_40_color | 01.00.060 |
| xerox | workcentre_m35 | 2.28.11.000 |
| xerox | workcentre_m175 | 8.47.30.000 |
| xerox | workcentre_m35 | 4.84.16.000 |
| xerox | workcentre_55 | 3.028.11.000 |
| xerox | workcentre_m35 | 4.97.20.032 |
| xerox | workcentre_175 | 7.47.33.008 |
| xerox | workcentre_m175 | 6.47.33.008 |
| xerox | workcentre_m55 | 4.84.16.000 |
| xerox | workcentre_m165 | 6.47.33.008 |
| xerox | workcentre_32_color | 01.02.077.1 |
| xerox | workcentre_32_color | 01.02.053.1 |
| xerox | workcentre_35 | 3.97.20.032 |
| xerox | workcentre_165 | 7.47.33.008 |
| xerox | workcentre_m165 | 8.47.30.000 |
| xerox | workcentre_165 | 7.47.30.000 |
| xerox | workcentre_55 | 3.97.20.032 |
| xerox | workcentre_m165 | 6.47.30.000 |
| xerox | workcentre_m175 | 6.47.30.000 |
| xerox | workcentre_75 | 1.001.00.060 |
| xerox | workcentre_35 | 3.028.11.000 |
| xerox | workcentre_m45 | 2.28.11.000 |
| xerox | workcentre_m45 | 4.84.16.000 |
| xerox | workcentre_m45 | 4.97.20.025 |
| xerox | workcentre_m45 | 4.97.20.032 |
| xerox | workcentre_175 | 7.47.30.000 |
| xerox | workcentre_2128 | 0.001.04.044 |
| xerox | workcentre_32_color | 01.00.060 |
| xerox | workcentre_m35 | 4.97.20.025 |
| xerox | workcentre_90 | 1.001.00.060 |
| xerox | workcentre_65 | 1.001.02.084 |
| xerox | workcentre_m165 | 8.47.33.008 |
| xerox | workcentre_40_color | 01.02.053.1 |
| xerox | workcentre_m55 | 4.97.20.025 |
| xerox | workcentre_40_color | 01.02.077.1 |
| xerox | workcentre_45 | 3.028.11.000 |
| xerox | workcentre_m55 | 2.97.20.032 |
| xerox | workcentre_40_color | 01.02.058.4 |
| xerox | workcentre | 40_color_1.2.81 |
| xerox | workcentre_45 | 3.97.20.032 |
| xerox | workcentre_m45 | 2.97.20.032 |
Unknown vulnerability in the web server for the ESS/ Network Controller for Xerox Document Centre 240 through 555 running System Software 27.18.017 and earlier allows attackers to "gain unauthorized access."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | document_centre_425 | * |
| xerox | document_centre_432 | * |
| xerox | document_centre_426 | * |
| xerox | document_centre_420 | * |
| xerox | document_centre_440 | * |
| xerox | document_centre_555 | * |
| xerox | document_centre_230 | * |
| xerox | document_centre_545 | * |
| xerox | document_centre_460 | * |
| xerox | document_centre_220 | * |
| xerox | document_centre_535 | * |
| xerox | document_centre_430 | * |
| xerox | document_centre_240 | * |
| xerox | document_centre_490 | * |
| xerox | document_centre_332 | * |
| xerox | document_centre_470 | * |
| xerox | document_centre_480 | * |
| xerox | document_centre_265 | * |
| xerox | document_centre_340 | * |
| xerox | document_centre_255 | * |
Multiple unknown vulnerabilities in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to bypass authentication.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_3545 | 0.001.04.504 |
| xerox | workcentre_2636 | 0.001.04.044 |
| xerox | workcentre_3545 | 0.001.04.044 |
| xerox | workcentre_2128 | 0.001.04.504 |
| xerox | workcentre_2128 | 0.001.04.044 |
| xerox | workcentre_2636 | 0.001.04.504 |
Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to cause a denial of service or access files via crafted HTTP requests.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_3545 | 0.001.04.504 |
| xerox | workcentre_2636 | 0.001.04.044 |
| xerox | workcentre_3545 | 0.001.04.044 |
| xerox | workcentre_2128 | 0.001.04.504 |
| xerox | workcentre_2128 | 0.001.04.044 |
| xerox | workcentre_2636 | 0.001.04.504 |
Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_3545 | 0.001.04.504 |
| xerox | workcentre_2636 | 0.001.04.044 |
| xerox | workcentre_3545 | 0.001.04.044 |
| xerox | workcentre_2128 | 0.001.04.504 |
| xerox | workcentre_2128 | 0.001.04.044 |
| xerox | workcentre_2636 | 0.001.04.504 |
Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to bypass authentication.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | document_centre_490 | * |
| xerox | document_centre_332 | * |
| xerox | document_centre_265 | * |
| xerox | document_centre_420 | * |
| xerox | document_centre_555 | * |
| xerox | document_centre_340 | * |
| xerox | document_centre_535 | * |
Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to cause a denial of service or read files via unknown vectors involving crafted HTTP requests.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | document_centre_425 | * |
| xerox | document_centre_432 | * |
| xerox | document_centre_426 | * |
| xerox | document_centre_420 | * |
| xerox | document_centre_440 | * |
| xerox | document_centre_555 | * |
| xerox | document_centre_230 | * |
| xerox | document_centre_545 | * |
| xerox | document_centre_460 | * |
| xerox | document_centre_220 | * |
| xerox | document_centre_535 | * |
| xerox | document_centre_430 | * |
| xerox | document_centre_240 | * |
| xerox | document_centre_490 | * |
| xerox | document_centre_332 | * |
| xerox | document_centre_470 | * |
| xerox | document_centre_480 | * |
| xerox | document_centre_265 | * |
| xerox | document_centre_340 | * |
| xerox | document_centre_255 | * |
Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to inject arbitrary web script or HTML and modify web pages via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | document_centre_490 | * |
| xerox | document_centre_332 | * |
| xerox | document_centre_265 | * |
| xerox | document_centre_420 | * |
| xerox | document_centre_555 | * |
| xerox | document_centre_340 | * |
| xerox | document_centre_535 | * |
Multiple unspecified vulnerabilities in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allow remote attackers to bypass authentication or gain "unauthorized network access" via unknown attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_232 | * |
| xerox | workcentre_255 | * |
| xerox | workcentre_238 | * |
| xerox | workcentre_265 | * |
| xerox | workcentre_245 | * |
| xerox | workcentre_275 | * |
Unspecified vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to cause a denial of service via a crafted Postscript request.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_232 | * |
| xerox | workcentre_255 | * |
| xerox | workcentre_238 | * |
| xerox | workcentre_265 | * |
| xerox | workcentre_245 | * |
| xerox | workcentre_275 | * |
Cross-site scripting vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_232 | * |
| xerox | workcentre_255 | * |
| xerox | workcentre_238 | * |
| xerox | workcentre_265 | * |
| xerox | workcentre_245 | * |
| xerox | workcentre_275 | * |
Unspecified vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to "reduce effectiveness of security features" via unknown attack vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_232 | * |
| xerox | workcentre_255 | * |
| xerox | workcentre_238 | * |
| xerox | workcentre_265 | * |
| xerox | workcentre_245 | * |
| xerox | workcentre_275 | * |
Buffer overflow in the PostScript file interpreter code for Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows attackers to cause a denial of service via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_90 | * |
| xerox | copycentre_c90 | * |
| xerox | copycentre_c65 | * |
| xerox | workcentre_65 | * |
| xerox | workcentre_75 | * |
| xerox | copycentre_c75 | * |
Multiple unspecified vulnerabilities in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allow remote attackers to cause an unspecified denial of service via a crafted PostScript file that will (1) "navigate through the directory" or (2) a "file sent to expose TCP/IP ports".
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | copycentre_c90_firmware | * |
| xerox | copycentre_c75_firmware | * |
| xerox | workcentre_pro_65_firmware | * |
| xerox | copycentre_c65_firmware | * |
| xerox | workcentre_pro_90_firmware | * |
| xerox | workcentre_pro_75_firmware | * |
Unspecified vulnerability in the web server code in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows remote attackers to cause a denial of service (memory corruption) via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | copycentre_c90_firmware | * |
| xerox | copycentre_c75_firmware | * |
| xerox | workcentre_pro_65_firmware | * |
| xerox | copycentre_c65_firmware | * |
| xerox | workcentre_pro_90_firmware | * |
| xerox | workcentre_pro_75_firmware | * |
Unspecified vulnerability in the ESS/ Network Controller in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, causes the Immediate Image Overwrite feature to fail after a power loss, which could leave data exposed to attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | copycentre_c90_firmware | * |
| xerox | copycentre_c75_firmware | * |
| xerox | workcentre_pro_65_firmware | * |
| xerox | copycentre_c65_firmware | * |
| xerox | workcentre_pro_90_firmware | * |
| xerox | workcentre_pro_75_firmware | * |
Multiple unspecified vulnerabilities in the Network Controller and Web Server in Xerox WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, and 5687 allow remote attackers to (1) access mailboxes via unknown vectors that bypass Scan to Mailbox authorization or (2) read device configuration information via via unknown vectors that bypass web server authorization.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_5632 | * |
| xerox | workcentre_5675 | * |
| xerox | workcentre_5655 | * |
| xerox | workcentre_5645 | * |
| xerox | workcentre_5687 | * |
| xerox | workcentre_5638 | * |
| xerox | workcentre_5665 | * |
Unspecified vulnerability in the Network Controller in Xerox WorkCentre 6400 System Software 060.070.109.11407 through 060.070.109.29510, and Net Controller 060.079.11410 through 060.079.29310, allows remote attackers to access "directory structure" via a crafted PostScript file, aka "Unauthorized Directory Structure Access Vulnerability."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_6400_system_software | 060.070.109.29510 |
| xerox | workcentre_6400_net_controller | 060.079.29310 |
| xerox | workcentre_6400_net_controller | 060.079.11410 |
| xerox | workcentre_6400_system_software | 060.070.109.11407 |
The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| adobe | flash_player | * |
| xerox | freeflow_print_server | 8.0 |
| adobe | adobe_air | * |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | freeflow_print_server | 8.0 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | freeflow_print_server | 8.0 |
| sun | sunos | 5.10 |
Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_7530_firmware | 2013 |
| xerox | workcentre_7765_firmware | 2013 |
| xerox | workcentre_7545_firmware | 2013 |
| xerox | workcentre_7775_firmware | 2013 |
| xerox | workcentre_7535_firmware | 2013 |
| xerox | workcentre_7556_firmware | 2013 |
| xerox | colorqube_9201_firmware | 2013 |
| xerox | workcentre_7525_firmware | 2013 |
| xerox | colorqube_9202_firmware | 2013 |
| xerox | workcentre_6400_firmware | 2013 |
| xerox | colorqube_9203_firmware | 2013 |
| xerox | workcentre_7755_firmware | 2013 |
SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/. NOTE: some of these details are obtained from third party information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | docushare | 6.6.1 |
| xerox | docushare | 6.5.3 |
Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_7970i_firmware | * |
| xerox | workcentre_7220_firmware | * |
| xerox | workcentre_5955_firmware | * |
| xerox | workcentre_5890_firmware | * |
| xerox | workcentre_7845_firmware | * |
| xerox | workcentre_7855_firmware | * |
| xerox | workcentre_5865i_firmware | * |
| xerox | workcentre_7970_firmware | * |
| xerox | workcentre_3655_firmware | * |
| xerox | workcentre_7835_firmware | * |
| xerox | workcentre_5875i_firmware | * |
| xerox | workcentre_5955i_firmware | * |
| xerox | workcentre_7830_firmware | * |
| xerox | workcentre_7225_firmware | * |
| xerox | workcentre_6655i_firmware | * |
| xerox | workcentre_6655_firmware | * |
| xerox | workcentre_3655i_firmware | * |
| xerox | workcentre_5945_firmware | * |
| xerox | workcentre_5945i_firmware | * |
| xerox | workcentre_5865_firmware | * |
| xerox | workcentre_7225i_firmware | * |
| xerox | workcentre_5875_firmware | * |
| xerox | workcentre_5890i_firmware | * |
| xerox | workcentre_7200i_firmware | * |
| xerox | workcentre_7200_firmware | * |
Cross-site scripting (XSS) in the web interface of the Xerox ColorQube 8580 allows remote persistent injection of custom HTML / JavaScript code.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | colorqube_8580_firmware | - |
The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | altalink_b8075_firmware | * |
| xerox | altalink_c8030_firmware | * |
| xerox | altalink_b8045_firmware | * |
| xerox | altalink_c8045_firmware | * |
| xerox | altalink_b8055_firmware | * |
| xerox | altalink_c8070_firmware | * |
| xerox | altalink_b8065_firmware | * |
| xerox | altalink_c8035_firmware | * |
| xerox | altalink_c8055_firmware | * |
| xerox | altalink_b8090_firmware | * |
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is authenticated remote command execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_7970i_firmware | * |
| xerox | workcentre_7830i_firmware | * |
| xerox | workcentre_7220_firmware | * |
| xerox | workcentre_7855i_firmware | * |
| xerox | workcentre_5890_firmware | * |
| xerox | workcentre_5845_firmware | * |
| xerox | workcentre_7845_firmware | * |
| xerox | workcentre_7855_firmware | * |
| xerox | workcentre_5900i_firmware | * |
| xerox | workcentre_5900_firmware | * |
| xerox | workcentre_5865i_firmware | * |
| xerox | workcentre_7970_firmware | * |
| xerox | workcentre_3655_firmware | * |
| xerox | workcentre_7835_firmware | * |
| xerox | workcentre_5875i_firmware | * |
| xerox | workcentre_7835i_firmware | * |
| xerox | workcentre_7830_firmware | * |
| xerox | workcentre_7225_firmware | * |
| xerox | workcentre_6655i_firmware | * |
| xerox | workcentre_6655_firmware | * |
| xerox | workcentre_3655i_firmware | * |
| xerox | workcentre_7220i_firmware | * |
| xerox | workcentre_ec7856_firmware | * |
| xerox | workcentre_ec7836_firmware | * |
| xerox | workcentre_5865_firmware | * |
| xerox | workcentre_7225i_firmware | * |
| xerox | workcentre_5875_firmware | * |
| xerox | workcentre_5890i_firmware | * |
| xerox | workcentre_7845i_firmware | * |
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_7970i_firmware | * |
| xerox | workcentre_7830i_firmware | * |
| xerox | workcentre_7220_firmware | * |
| xerox | workcentre_7855i_firmware | * |
| xerox | workcentre_5890_firmware | * |
| xerox | workcentre_5845_firmware | * |
| xerox | workcentre_7845_firmware | * |
| xerox | workcentre_7855_firmware | * |
| xerox | workcentre_5900i_firmware | * |
| xerox | workcentre_5900_firmware | * |
| xerox | workcentre_5865i_firmware | * |
| xerox | workcentre_7970_firmware | * |
| xerox | workcentre_3655_firmware | * |
| xerox | workcentre_7835_firmware | * |
| xerox | workcentre_5875i_firmware | * |
| xerox | workcentre_7835i_firmware | * |
| xerox | workcentre_7830_firmware | * |
| xerox | workcentre_7225_firmware | * |
| xerox | workcentre_6655i_firmware | * |
| xerox | workcentre_6655_firmware | * |
| xerox | workcentre_3655i_firmware | * |
| xerox | workcentre_7220i_firmware | * |
| xerox | workcentre_ec7856_firmware | * |
| xerox | workcentre_ec7836_firmware | * |
| xerox | workcentre_5865_firmware | * |
| xerox | workcentre_7225i_firmware | * |
| xerox | workcentre_5875_firmware | * |
| xerox | workcentre_5890i_firmware | * |
| xerox | workcentre_7845i_firmware | * |
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is a Local File Inclusion vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_7970i_firmware | * |
| xerox | workcentre_7830i_firmware | * |
| xerox | workcentre_7220_firmware | * |
| xerox | workcentre_7855i_firmware | * |
| xerox | workcentre_5890_firmware | * |
| xerox | workcentre_5845_firmware | * |
| xerox | workcentre_7845_firmware | * |
| xerox | workcentre_7855_firmware | * |
| xerox | workcentre_5900i_firmware | * |
| xerox | workcentre_5900_firmware | * |
| xerox | workcentre_5865i_firmware | * |
| xerox | workcentre_7970_firmware | * |
| xerox | workcentre_3655_firmware | * |
| xerox | workcentre_7835_firmware | * |
| xerox | workcentre_5875i_firmware | * |
| xerox | workcentre_7835i_firmware | * |
| xerox | workcentre_7830_firmware | * |
| xerox | workcentre_7225_firmware | * |
| xerox | workcentre_6655i_firmware | * |
| xerox | workcentre_6655_firmware | * |
| xerox | workcentre_3655i_firmware | * |
| xerox | workcentre_7220i_firmware | * |
| xerox | workcentre_ec7856_firmware | * |
| xerox | workcentre_ec7836_firmware | * |
| xerox | workcentre_5865_firmware | * |
| xerox | workcentre_7225i_firmware | * |
| xerox | workcentre_5875_firmware | * |
| xerox | workcentre_5890i_firmware | * |
| xerox | workcentre_7845i_firmware | * |
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_7970i_firmware | * |
| xerox | workcentre_7830i_firmware | * |
| xerox | workcentre_7220_firmware | * |
| xerox | workcentre_7855i_firmware | * |
| xerox | workcentre_5890_firmware | * |
| xerox | workcentre_5845_firmware | * |
| xerox | workcentre_7845_firmware | * |
| xerox | workcentre_7855_firmware | * |
| xerox | workcentre_5900i_firmware | * |
| xerox | workcentre_5900_firmware | * |
| xerox | workcentre_5865i_firmware | * |
| xerox | workcentre_7970_firmware | * |
| xerox | workcentre_3655_firmware | * |
| xerox | workcentre_7835_firmware | * |
| xerox | workcentre_5875i_firmware | * |
| xerox | workcentre_7835i_firmware | * |
| xerox | workcentre_7830_firmware | * |
| xerox | workcentre_7225_firmware | * |
| xerox | workcentre_6655i_firmware | * |
| xerox | workcentre_6655_firmware | * |
| xerox | workcentre_3655i_firmware | * |
| xerox | workcentre_7220i_firmware | * |
| xerox | workcentre_ec7856_firmware | * |
| xerox | workcentre_ec7836_firmware | * |
| xerox | workcentre_5865_firmware | * |
| xerox | workcentre_7225i_firmware | * |
| xerox | workcentre_5875_firmware | * |
| xerox | workcentre_5890i_firmware | * |
| xerox | workcentre_7845i_firmware | * |
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_7970i_firmware | * |
| xerox | workcentre_7830i_firmware | * |
| xerox | workcentre_7220_firmware | * |
| xerox | workcentre_7855i_firmware | * |
| xerox | workcentre_5890_firmware | * |
| xerox | workcentre_5845_firmware | * |
| xerox | workcentre_7845_firmware | * |
| xerox | workcentre_7855_firmware | * |
| xerox | workcentre_5900i_firmware | * |
| xerox | workcentre_5900_firmware | * |
| xerox | workcentre_5865i_firmware | * |
| xerox | workcentre_7970_firmware | * |
| xerox | workcentre_3655_firmware | * |
| xerox | workcentre_7835_firmware | * |
| xerox | workcentre_5875i_firmware | * |
| xerox | workcentre_7835i_firmware | * |
| xerox | workcentre_7830_firmware | * |
| xerox | workcentre_7225_firmware | * |
| xerox | workcentre_6655i_firmware | * |
| xerox | workcentre_6655_firmware | * |
| xerox | workcentre_3655i_firmware | * |
| xerox | workcentre_7220i_firmware | * |
| xerox | workcentre_ec7856_firmware | * |
| xerox | workcentre_ec7836_firmware | * |
| xerox | workcentre_5865_firmware | * |
| xerox | workcentre_7225i_firmware | * |
| xerox | workcentre_5875_firmware | * |
| xerox | workcentre_5890i_firmware | * |
| xerox | workcentre_7845i_firmware | * |
Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | colorqube_9302_firmware | * |
| xerox | colorqube_8700_firmware | * |
| xerox | colorqube_8900_firmware | * |
| xerox | colorqube_9301_firmware | * |
| xerox | colorqube_9303_firmware | * |
Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-259,CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | altalink_b8075_firmware | * |
| xerox | altalink_c8030_firmware | * |
| xerox | altalink_b8045_firmware | * |
| xerox | altalink_c8045_firmware | * |
| xerox | altalink_b8055_firmware | * |
| xerox | altalink_c8070_firmware | * |
| xerox | altalink_b8065_firmware | * |
| xerox | altalink_c8035_firmware | * |
| xerox | altalink_c8055_firmware | * |
| xerox | altalink_b8090_firmware | * |
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | phaser_3320_firmware | v53.006.16.000 |
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-307,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | phaser_3320_firmware | v53.006.16.000 |
Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | phaser_3320_firmware | v53.006.16.000 |
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | phaser_3320_firmware | v53.006.16.000 |
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | phaser_3320_firmware | v53.006.16.000 |
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | phaser_3320_firmware | v53.006.16.000 |
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handling of the register parameters, because the size used within a memcpy() function, which copied the action value into a local variable, was not checked properly.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | phaser_3320_firmware | v53.006.16.000 |
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execute arbitrary code on the device.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | phaser_3320_firmware | v53.006.16.000 |
Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C8070 printers with software before 101.00x.089.22600 allow an attacker to gain privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | atlalink_firmware | 101.002.089.22600 |
| xerox | atlalink_firmware | 101.003.089.22600 |
| xerox | atlalink_firmware | 101.001.089.22600 |
| xerox | atlalink_firmware | 101.008.089.22600 |
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | altalink_b8075_firmware | * |
| xerox | altalink_c8030_firmware | * |
| xerox | altalink_b8045_firmware | * |
| xerox | altalink_c8045_firmware | * |
| xerox | altalink_b8055_firmware | * |
| xerox | altalink_c8070_firmware | * |
| xerox | altalink_b8065_firmware | * |
| xerox | altalink_c8035_firmware | * |
| xerox | altalink_c8055_firmware | * |
| xerox | altalink_b8090_firmware | * |
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | altalink_b8075_firmware | * |
| xerox | altalink_c8030_firmware | * |
| xerox | altalink_b8045_firmware | * |
| xerox | altalink_c8045_firmware | * |
| xerox | altalink_b8055_firmware | * |
| xerox | altalink_c8070_firmware | * |
| xerox | altalink_b8065_firmware | * |
| xerox | altalink_c8035_firmware | * |
| xerox | altalink_c8055_firmware | * |
| xerox | altalink_b8090_firmware | * |
On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-312,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | altalink_b8075_firmware | * |
| xerox | altalink_c8030_firmware | * |
| xerox | altalink_b8045_firmware | * |
| xerox | altalink_c8045_firmware | * |
| xerox | altalink_b8055_firmware | * |
| xerox | altalink_c8070_firmware | * |
| xerox | altalink_b8065_firmware | * |
| xerox | altalink_c8035_firmware | * |
| xerox | altalink_c8055_firmware | * |
| xerox | altalink_b8090_firmware | * |
Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | altalink_c8035_firmware | - |
Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073.020.059.25300 devices allow XSS via Description pages.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_ec7856_firmware | * |
| xerox | workcentre_ec7836_firmware | * |
An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-327,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_7970i_firmware | * |
| xerox | workcentre_7830i_firmware | * |
| xerox | workcentre_7220_firmware | * |
| xerox | workcentre_5955_firmware | * |
| xerox | workcentre_7855i_firmware | * |
| xerox | workcentre_5890_firmware | * |
| xerox | workcentre_7845_firmware | * |
| xerox | workcentre_7855_firmware | * |
| xerox | workcentre_5865i_firmware | * |
| xerox | workcentre_7970_firmware | * |
| xerox | workcentre_3655_firmware | * |
| xerox | workcentre_7835_firmware | * |
| xerox | workcentre_5875i_firmware | * |
| xerox | workcentre_5955i_firmware | * |
| xerox | workcentre_7835i_firmware | * |
| xerox | workcentre_7830_firmware | * |
| xerox | workcentre_7225_firmware | * |
| xerox | workcentre_6655i_firmware | * |
| xerox | workcentre_6655_firmware | * |
| xerox | workcentre_3655i_firmware | * |
| xerox | workcentre_7220i_firmware | * |
| xerox | workcentre_ec7856_firmware | * |
| xerox | workcentre_ec7836_firmware | * |
| xerox | workcentre_5945_firmware | * |
| xerox | workcentre_5945i_firmware | * |
| xerox | workcentre_5865_firmware | * |
| xerox | workcentre_7225i_firmware | * |
| xerox | workcentre_5875_firmware | * |
| xerox | workcentre_5890i_firmware | * |
| xerox | workcentre_7845i_firmware | * |
Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gains access to affected devices (e.g., by using default credentials) can change the LDAP connection IP address to a system owned by the actor without knowledge of the LDAP bind credentials. After changing the LDAP connection IP address, subsequent authentication attempts will result in the printer sending plaintext LDAP (Active Directory) credentials to the actor. Although the credentials may belong to a non-privileged user, organizations frequently use privileged service accounts to bind to Active Directory. The attacker gains a foothold on the Active Directory domain at a minimum, and may use the credentials to take over control of the Active Directory domain. This affects 3655*, 3655i*, 58XX*, 58XXi*, 59XX*, 59XXi*, 6655**, 6655i**, 72XX*, 72XXi*, 78XX**, 78XXi**, 7970**, 7970i**, EC7836**, and EC7856** devices.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_7970i_firmware | * |
| xerox | workcentre_7220_firmware | * |
| xerox | workcentre_5955_firmware | * |
| xerox | workcentre_6655i_firmware | * |
| xerox | workcentre_5845_firmware | * |
| xerox | workcentre_7845_firmware | * |
| xerox | workcentre_5855_firmware | * |
| xerox | workcentre_6655_firmware | * |
| xerox | workcentre_3655i_firmware | * |
| xerox | workcentre_7855_firmware | * |
| xerox | workcentre_ec7856_firmware | * |
| xerox | workcentre_ec7836_firmware | * |
| xerox | workcentre_5945_firmware | * |
| xerox | workcentre_7970_firmware | * |
| xerox | workcentre_3655_firmware | * |
| xerox | workcentre_7835_firmware | * |
| xerox | workcentre_7830_firmware | * |
| xerox | workcentre_7225_firmware | * |
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | altalink_b8075_firmware | * |
| xerox | altalink_c8030_firmware | * |
| xerox | altalink_b8045_firmware | * |
| xerox | altalink_c8045_firmware | * |
| xerox | altalink_b8055_firmware | * |
| xerox | altalink_c8070_firmware | * |
| xerox | altalink_b8065_firmware | * |
| xerox | altalink_c8035_firmware | * |
| xerox | altalink_c8055_firmware | * |
| xerox | altalink_b8090_firmware | * |
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-862,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | altalink_b8075_firmware | * |
| xerox | altalink_c8030_firmware | * |
| xerox | altalink_b8045_firmware | * |
| xerox | altalink_c8045_firmware | * |
| xerox | altalink_b8055_firmware | * |
| xerox | altalink_c8070_firmware | * |
| xerox | altalink_b8065_firmware | * |
| xerox | altalink_c8035_firmware | * |
| xerox | altalink_c8055_firmware | * |
| xerox | altalink_b8090_firmware | * |
Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | altalink_b8075_firmware | * |
| xerox | altalink_c8030_firmware | * |
| xerox | altalink_b8045_firmware | * |
| xerox | altalink_c8045_firmware | * |
| xerox | altalink_b8055_firmware | * |
| xerox | altalink_c8070_firmware | * |
| xerox | altalink_b8065_firmware | * |
| xerox | altalink_c8035_firmware | * |
| xerox | altalink_c8055_firmware | * |
| xerox | altalink_b8090_firmware | * |
Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before 33.65.51 and 33.59.01 (Bridge), B7025/30/35 before 58.65.51 and 58.59.11 (Bridge), C400 before 67.65.51 and 67.59.01 (Bridge), C405 before 68.65.51 and 68.59.01 (Bridge), C500/C600 before 61.65.51 and 61.59.01 (Bridge), C505/C605 before 62.65.51 and 62.59.01 (Bridge), C7000 before 56.65.51 and 56.59.01 (Bridge), C7020/25/30 before 57.65.51 and 57.59.01 (Bridge), C8000/C9000 before 70.65.51 and 70.59.01 (Bridge), C8000W before 72.65.51 have a remote Command Execution vulnerability in the Web User Interface that allows remote attackers with "a weaponized clone file" to execute arbitrary commands.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | versalink_b7025_firmware | * |
| xerox | versalink_c400_firmware | * |
| xerox | versalink_c500_firmware | * |
| xerox | phaser_6510_firmware | * |
| xerox | versalink_c7020_firmware | * |
| xerox | versalink_b400_firmware | * |
| xerox | versalink_b605_firmware | * |
| xerox | versalink_b615_firmware | * |
| xerox | versalink_c7030_firmware | * |
| xerox | workcentre_6515_firmware | * |
| xerox | versalink_b7030_firmware | * |
| xerox | versalink_c8000w_firmware | * |
| xerox | versalink_c8000_firmware | * |
| xerox | versalink_c7000_firmware | * |
| xerox | versalink_b7035_firmware | * |
| xerox | versalink_c7025_firmware | * |
| xerox | versalink_c9000_firmware | * |
| xerox | versalink_b610_firmware | * |
| xerox | versalink_c600_firmware | * |
| xerox | versalink_c605_firmware | * |
| xerox | versalink_b405_firmware | * |
| xerox | versalink_c405_firmware | * |
| xerox | versalink_b600_firmware | * |
| xerox | versalink_c505_firmware | * |
Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before 33.65.51 and 33.59.01 (Bridge), B7025/30/35 before 58.65.51 and 58.59.11 (Bridge), C400 before 67.65.51 and 67.59.01 (Bridge), C405 before 68.65.51 and 68.59.01 (Bridge), C500/C600 before 61.65.51 and 61.59.01 (Bridge), C505/C605 before 62.65.51 and 62.59.01 (Bridge), C7000 before 56.65.51 and 56.59.01 (Bridge), C7020/25/30 before 57.65.51 and 57.59.01 (Bridge), C8000/C9000 before 70.65.51 and 70.59.01 (Bridge), C8000W before 72.65.51 allows remote attackers to execute arbitrary code through a buffer overflow in Web page parameter handling.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | versalink_b7025_firmware | * |
| xerox | versalink_c400_firmware | * |
| xerox | versalink_c500_firmware | * |
| xerox | phaser_6510_firmware | * |
| xerox | versalink_c7020_firmware | * |
| xerox | versalink_b400_firmware | * |
| xerox | versalink_b605_firmware | * |
| xerox | versalink_b615_firmware | * |
| xerox | versalink_c7030_firmware | * |
| xerox | workcentre_6515_firmware | * |
| xerox | versalink_b7030_firmware | * |
| xerox | versalink_c8000w_firmware | * |
| xerox | versalink_c8000_firmware | * |
| xerox | versalink_c7000_firmware | * |
| xerox | versalink_b7035_firmware | * |
| xerox | versalink_c7025_firmware | * |
| xerox | versalink_c9000_firmware | * |
| xerox | versalink_b610_firmware | * |
| xerox | versalink_c600_firmware | * |
| xerox | versalink_c605_firmware | * |
| xerox | versalink_b405_firmware | * |
| xerox | versalink_c405_firmware | * |
| xerox | versalink_b600_firmware | * |
| xerox | versalink_c505_firmware | * |
Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 (Bridge), B600/B610 before 32.61.23 and 32.59.01 (Bridge), B605/B615 before 33.61.23 and 33.59.01 (Bridge), B7025/30/35 before 58.61.23 and 58.59.11 (Bridge), C400 before 67.61.23 and 67.59.01 (Bridge), C405 before 68.61.23 and 68.59.01 (Bridge), C500/C600 before 61.61.23 and 61.59.01 (Bridge), C505/C605 before 62.61.23 and 62.59.11 (Bridge), C7000 before 56.61.23 and 56.59.01 (Bridge), C7020/25/30 before 57.61.23 and 57.59.01 (Bridge), C8000/C9000 before 70.61.23 and 70.59.01 (Bridge), allows remote attackers with "a weaponized clone file" to execute arbitrary commands in the Web User Interface.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_6515_firmware | * |
| xerox | versalink_b7025_firmware | * |
| xerox | versalink_b7030_firmware | * |
| xerox | versalink_c400_firmware | * |
| xerox | versalink_c8000_firmware | * |
| xerox | versalink_c7000_firmware | * |
| xerox | versalink_c500_firmware | * |
| xerox | versalink_b7035_firmware | * |
| xerox | phaser_6510_firmware | * |
| xerox | versalink_c7020_firmware | * |
| xerox | versalink_b400_firmware | * |
| xerox | versalink_c7025_firmware | * |
| xerox | versalink_c9000_firmware | * |
| xerox | versalink_b605_firmware | * |
| xerox | versalink_b610_firmware | * |
| xerox | versalink_c600_firmware | * |
| xerox | versalink_c605_firmware | * |
| xerox | versalink_b615_firmware | * |
| xerox | versalink_b405_firmware | * |
| xerox | versalink_c7030_firmware | * |
| xerox | versalink_c405_firmware | * |
| xerox | versalink_b600_firmware | * |
| xerox | versalink_c505_firmware | * |
Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_3226AC via the TIMEZONE variable. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | phaser_4622_firmware | 35.013.01.000 |
XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | xmpie_ustore | 12.3.7244.0 |
A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | xmpie_ustore | 12.3.7244.0 |
Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included "believed to affect all previous and later versions as of the date of this posting" but a 2022-01-26 vendor statement reports "the latest versions of firmware are not vulnerable to this issue."
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | versalink_firmware | * |
Xerox ColorQube 8580 was discovered to contain an access control issue which allows attackers to print, view the status, and obtain sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | colorqube_8580_firmware | - |
On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_3550_firmware | 25.003.03.000 |
Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encryption key, the information such as the server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fujifilm | apeos_6580_firmware | * |
| fujifilm | apeosport_4570_firmware | * |
| xerox | primelink_b9100_firmware | * |
| xerox | versalink_c7125_firmware | * |
| fujifilm | apeos_2560_gk_firmware | * |
| fujifilm | apeos_c2560_gk_firmware | * |
| fujifilm | apeosport_c6570_firmware | * |
| fujifilm | apeos_c3060_gk_firmware | * |
| fujifilm | apeosport_3060_g_firmware | * |
| fujifilm | apeos_c4030_firmware | * |
| xerox | primelink_b9110_firmware | * |
| fujifilm | apeos_3060_gk_firmware | * |
| xerox | primelink_c9065_firmware | * |
| fujifilm | apeosport_5570_firmware | * |
| fujifilm | apeosport_3060_firmware | * |
| xerox | versalink_b605_firmware | * |
| fujifilm | apeos_4570_firmware | * |
| fujifilm | apeosport_3570_firmware | * |
| fujifilm | apeos_c6580_firmware | * |
| xerox | versalink_c7030_firmware | * |
| fujifilm | apeosport-vii_5021_firmware | * |
| fujifilm | revoria_press_e1136_firmware | * |
| fujifilm | apeosport_c3060_g_firmware | * |
| fujifilm | primelink_c9070_firmware | * |
| xerox | workcentre_6515_firmware | * |
| fujifilm | apeosport_4570_g_firmware | * |
| fujifilm | apeos_5570_firmware | * |
| fujifilm | apeosport_c2560_firmware | * |
| fujifilm | apeos_3560_firmware | * |
| fujifilm | apeosport_3560_g_firmware | * |
| xerox | versalink_c7025_firmware | * |
| fujifilm | apeosport_5570_g_firmware | * |
| fujifilm | apeosport_c3060_firmware | * |
| fujifilm | apeos_6340_firmware | * |
| fujifilm | apeosport_c4570_firmware | * |
| xerox | versalink_c605_firmware | * |
| xerox | versalink_b7125_firmware | * |
| fujifilm | apeosport_c3070_firmware | * |
| fujifilm | apeos_c4570_firmware | * |
| fujifilm | apeosport-vii_c3321_firmware | * |
| fujifilm | apeos_c2060_firmware | * |
| xerox | versalink_c405_firmware | * |
| fujifilm | apeosport_c5570_firmware | * |
| fujifilm | apeos_c5570_firmware | * |
| fujifilm | apeosport_c7070_firmware | * |
| fujifilm | apeospro_c650_firmware | * |
| fujifilm | revoria_press_e1100_firmware | * |
| fujifilm | apeos_c7580_firmware | * |
| xerox | versalink_c505_firmware | * |
| fujifilm | apeos_4830_firmware | * |
| fujifilm | apeos_c2560_firmware | * |
| fujifilm | apeos_c5240_firmware | * |
| xerox | primelink_c9070_firmware | * |
| fujifilm | apeosport_c3570_firmware | * |
| xerox | versalink_c7120_firmware | * |
| fujifilm | apeosport_2560_firmware | * |
| fujifilm | apeospro_c810_firmware | * |
| fujifilm | apeos_c3060_firmware | * |
| fujifilm | apeos_5330_firmware | * |
| xerox | versalink_c7020_firmware | * |
| fujifilm | apeosport-vii_4021_firmware | * |
| fujifilm | apeos_3560_gk_firmware | * |
| fujifilm | apeos_2560_firmware | * |
| fujifilm | apeosport_3560_firmware | * |
| fujifilm | apeos_c6570_firmware | * |
| xerox | primelink_b9136_firmware | * |
| xerox | versalink_b7130_firmware | * |
| fujifilm | apeos_c8180_firmware | * |
| xerox | versalink_c7130_firmware | * |
| fujifilm | apeosport_c2560_g_firmware | * |
| xerox | versalink_b615_firmware | * |
| fujifilm | apeos_c7070_firmware | * |
| fujifilm | apeospro_c750_firmware | * |
| fujifilm | apeos_c3530_firmware | * |
| xerox | versalink_b7135_firmware | * |
| fujifilm | apeos_7580_firmware | * |
| fujifilm | revoria_press_sc180_firmware | * |
| fujifilm | revoria_press_sc170_firmware | * |
| xerox | primelink_b9125_firmware | * |
| xerox | versalink_c7000_firmware | * |
| fujifilm | revoria_press_e1125_firmware | * |
| fujifilm | apeosport_c2060_g_firmware | * |
| fujifilm | revoria_press_e1110_firmware | * |
| fujifilm | apeosport-vii_c4421_firmware | * |
| fujifilm | apeos_c2060_gk_firmware | * |
| fujifilm | primelink_c9065_firmware | * |
| fujifilm | apeos_c3570_firmware | * |
| fujifilm | apeosport_c2060_firmware | * |
| fujifilm | apeosport_2560_g_firmware | * |
| xerox | versalink_b405_firmware | * |
| fujifilm | apeos_c2570_firmware | * |
| fujifilm | apeos_c3070_firmware | * |
| fujifilm | apeos_3060_firmware | * |
In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets improper host validation, potentially exposing sensitive API endpoints.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 10b61619-3869-496c-8a1e-f291b0e71e3f | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workplace_suite | * |
A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 10b61619-3869-496c-8a1e-f291b0e71e3f | 7.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H | 2.8 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workplace_suite | * |
A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading to unauthorized access to sensitive functions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 10b61619-3869-496c-8a1e-f291b0e71e3f | 7.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L | 2.8 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workplace_suite | * |
Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 10b61619-3869-496c-8a1e-f291b0e71e3f | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workplace_suite | * |
A mail spoofing vulnerability in Xerox Workplace Suite allows attackers to forge email headers, making it appear as though messages are sent from trusted sources.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 10b61619-3869-496c-8a1e-f291b0e71e3f | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workplace_suite | * |
Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 10b61619-3869-496c-8a1e-f291b0e71e3f | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workplace_suite | * |
Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised. The patch for this vulnerability will be included in a future release of Workplace Suite, and customers will be notified through an update to the security bulletin.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 10b61619-3869-496c-8a1e-f291b0e71e3f | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | workplace_suite | * |
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 10b61619-3869-496c-8a1e-f291b0e71e3f | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | freeflow_core | 8.0.4 |
In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 10b61619-3869-496c-8a1e-f291b0e71e3f | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | freeflow_core | 8.0.4 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xerox CentreWare on Windows allows Stored XSS.This issue affects CentreWare: through 7.0.6. Consider upgrading Xerox® CentreWare Web® to v7.2.2.25 via the software available on Xerox.com
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 10b61619-3869-496c-8a1e-f291b0e71e3f | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N | 1.0 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | centreware_web | * |
Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads https://www.support.xerox.com/en-us/product/core/downloads
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 10b61619-3869-496c-8a1e-f291b0e71e3f | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | freeflow_core | * |
An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 10b61619-3869-496c-8a1e-f291b0e71e3f | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xerox | freeflow_core | * |