cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12511,https://securityvulnerability.io/vulnerability/CVE-2024-12511,Weakness in Xerox Printer SMB/FTP Configuration Management,"A security vulnerability in Xerox printers allows unauthorized modification of SMB and FTP settings through address book access. This can lead to redirected scans and the potential capture of sensitive credentials. The issue necessitates that scanning features and printer access are enabled, creating an exploit vector for malicious actors. Ensuring proper configuration and access controls is critical for safeguarding sensitive data.",Xerox,"Versalink B400,Versalink B405,Versalink C400,Versalink C405,Versalink B600/b610,Versalink B605/b615,Versalink C500/c600,Versalink C505/c605,Versalink C7000,Versalink C7020/c7025/c7030,Versalink B7025/b7030/b7035,Versalink B7125/b7130/b7135,Versalink C7120/c7125/c7130,Versalink C8000/c9000,Versalink C8000w,Phaser 6510,Workcentre 6515",7.6,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-03T19:23:52.125Z,0
CVE-2024-12510,https://securityvulnerability.io/vulnerability/CVE-2024-12510,LDAP Authentication Bypass in Xerox Products,"An LDAP configuration issue in certain Xerox printers may allow an attacker with admin access to redirect authentication requests to a malicious server, thereby risking exposure of sensitive credentials. This vulnerability necessitates an active LDAP setup and access to the admin interface, emphasizing the importance of proper configuration and access control.",Xerox,"Versalink B400,Versalink B405,Versalink C400,Versalink C405,Versalink B600/b610,Versalink B605/b615,Versalink C500/c600,Versalink C505/c605,Versalink C7000,Versalink C7020/c7025/c7030,Versalink B7025/b7030/b7035,Versalink B7125/b7130/b7135,Versalink C7120/c7125/c7130,Versalink C8000/c9000,Versalink C8000w,Phaser 6510,Workcentre 6515",6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,true,false,,2025-02-03T18:52:16.942Z,4156
CVE-2024-55931,https://securityvulnerability.io/vulnerability/CVE-2024-55931,Session Storage Vulnerability in Xerox Workplace Suite,"Xerox Workplace Suite stores user tokens in session storage, which may lead to unauthorized access if a session is compromised. This flaw highlights the importance of securing session data to prevent potential data breaches. A fix is expected in an upcoming release, and users will receive notifications via security bulletins to ensure they can protect their information.",Xerox,Xerox Workplace Suite,6.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-27T11:28:45.510Z,0
CVE-2024-55930,https://securityvulnerability.io/vulnerability/CVE-2024-55930,Weak Default Folder Permissions in Xerox Workplace Suite,"The Xerox Workplace Suite is subject to a vulnerability resulting from weak default folder permissions, potentially allowing unauthorized access to sensitive data. This misconfiguration can expose critical information, making it essential for users to review and strengthen their folder permission settings to protect against data breaches.",Xerox,Xerox Workplace Suite,6.6,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-23T17:36:01.763Z,0
CVE-2024-55929,https://securityvulnerability.io/vulnerability/CVE-2024-55929,Mail Spoofing Vulnerability in Xerox Workplace Suite,"A mail spoofing vulnerability in the Xerox Workplace Suite can allow attackers to send emails with forged sender addresses. This could trick recipients into trusting malicious communication, potentially leading to further security breaches or data exposure.",Xerox,Xerox Workplace Suite,5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-23T17:30:34.224Z,0
CVE-2024-55928,https://securityvulnerability.io/vulnerability/CVE-2024-55928,Clear Text Secrets Exposure in Xerox Workplace Suite,"The Xerox Workplace Suite is affected by a vulnerability that exposes sensitive information, including clear text secrets and remote system secrets. This could allow unauthorized users to access critical data, leading to potential security breaches. Organizations using this software should take immediate steps to mitigate risks associated with this vulnerability and ensure robust security measures are in place.",Xerox,Xerox Workplace Suite,6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-23T17:25:46.915Z,0
CVE-2024-55927,https://securityvulnerability.io/vulnerability/CVE-2024-55927,Token Generation Flaw in Xerox Workplace Suite,"The Xerox Workplace Suite is affected by a security vulnerability due to a flawed implementation of token generation, compounded by the presence of hard-coded keys. This serious design flaw can potentially allow unauthorized access and manipulation of sensitive data within the system. Organizations utilizing this product should prioritize updating their systems to mitigate the risks associated with this vulnerability.",Xerox,Xerox Workplace Suite,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-23T17:20:29.974Z,0
CVE-2024-55926,https://securityvulnerability.io/vulnerability/CVE-2024-55926,Arbitrary File Upload Vulnerability in Xerox Workplace Suite,"This vulnerability allows attackers to exploit the Xerox Workplace Suite by manipulating HTTP headers, leading to arbitrary file uploads, deletion, and unauthorized file access. Such weaknesses can enable unauthorized users to upload malicious files or delete critical system files, compromising the integrity and confidentiality of the application.",Xerox,Xerox Workplace Suite,6.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-23T17:12:21.371Z,0
CVE-2024-55925,https://securityvulnerability.io/vulnerability/CVE-2024-55925,API Security Bypass in Xerox Workplace Suite,"The vulnerability results from improper handling of API requests, allowing unauthorized users to manipulate headers and bypass security mechanisms. This can lead to exposure of sensitive data or unauthorized access to protected resources within the Xerox Workplace Suite. Users are advised to review the security bulletin and implement recommended measures to mitigate the risk.",Xerox,Xerox Workplace Suite,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-23T17:03:33.187Z,0
CVE-2024-6333,https://securityvulnerability.io/vulnerability/CVE-2024-6333,"Remote Code Execution Vulnerability in Xerox Altalink, Versalink, and WorkCentre Products","A severe vulnerability has been identified in Xerox Altalink, Versalink, and WorkCentre products, allowing authenticated users to execute arbitrary code remotely. This could result in unauthorized access and potential system compromise. Users and administrators are advised to review the official security bulletin from Xerox to understand the implications and apply necessary updates to safeguard their environments.",Xerox,"Altalink® B8045 / B8055 / B8065 / B8075 / B8090 | C8030 / C8035 / C8045 / C8055 / C807,Xerox® Ec8036 / Ec8056,Xerox® Ec8036 / Ec8056 - Common Criteria (june 2022),Xerox® Ec8036 / Ec8056 - Common Criteria (june 2024),Altalink®c8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria (aug 2024),Altalink® C8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria Certified (aug 2023),Versalink® B625 / C625 | B425 / C425 Common Criteria Certified (2024),Workcentre 3655/3655i,Workcentre 5945/55i,Workcentre 6655/6655i,Workcentre 7220/7225i,Workcentre 7830/7835i,Workcentre 7845/7855i,Workcentre 7845/7855 (ibg),Workcentre 7970/7970i,Workcentre Ec7836,Workcentre Ec7856",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-17T13:51:16.011Z,0
CVE-2024-47556,https://securityvulnerability.io/vulnerability/CVE-2024-47556,Remote Code Execution Vulnerability in Xerox FreeFlow Core,"The vulnerability identified presents the possibility of pre-authentication remote code execution through a path traversal technique. This security flaw enables unauthorized access to system files and executing commands on the server, posing a serious risk to organizations using the affected product. The improper validation of user-supplied input allows attackers to manipulate file paths, potentially leading to a full compromise of the system hosting Xerox FreeFlow Core. Companies relying on this software should promptly apply security patches provided in the relevant security bulletin to mitigate the risk.",Xerox,Freeflow Core,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-10-07T19:15:00.000Z,0
CVE-2024-47559,https://securityvulnerability.io/vulnerability/CVE-2024-47559,Authenticated Remote Code Execution Vulnerability in Xerox FreeFlow Core,"The vulnerability in Xerox FreeFlow Core (v7.0) allows for authenticated remote code execution through a path traversal flaw. This issue occurs when improper validation of user-supplied input enables an attacker to alter file paths in a way that may lead to unauthorized access and execution of malicious code on the server. If exploited, this vulnerability poses significant risks to the confidentiality, integrity, and availability of the system. Users are strongly advised to apply available patches and enhancements to safeguard their environments.",Xerox,Freeflow Core,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-07T19:15:00.000Z,0
CVE-2024-47558,https://securityvulnerability.io/vulnerability/CVE-2024-47558,Authenticated Remote Code Execution Vulnerability in Xerox FreeFlow Core,"An authenticated remote code execution vulnerability exists in Xerox FreeFlow Core, allowing for potential exploitation through a path traversal issue. Attackers with valid credentials could manipulate input paths to gain unauthorized access to system resources, potentially leading to malicious code execution. It is crucial for users of affected versions to apply the security updates provided in the Xerox Security Bulletin to mitigate this risk.",Xerox,Freeflow Core,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-07T19:15:00.000Z,0
CVE-2024-47557,https://securityvulnerability.io/vulnerability/CVE-2024-47557,Path Traversal Vulnerability in Xerox FreeFlow Core,"A path traversal vulnerability exists in Xerox FreeFlow Core, which may allow an attacker to execute remote code on the affected system without prior authentication. By exploiting this flaw, unauthorized users can traverse directories to access sensitive files and potentially gain control over the system. It is crucial for organizations utilizing this product to apply any available patches and implement security measures to mitigate the risk associated with this vulnerability.",Xerox,Freeflow Core,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-10-07T19:15:00.000Z,0
CVE-2024-47555,https://securityvulnerability.io/vulnerability/CVE-2024-47555,Missing Authentication Vulnerability in Xerox FreeFlow Core,"The vulnerability in Xerox FreeFlow Core v7.0 arises from missing authentication mechanisms which could allow unauthorized users to access and configure the system. This lack of proper verification opens the door for potential exploitation, posing a significant risk to sensitive information and system integrity. Organizations using this affected product should take immediate action to mitigate the risk by applying the necessary updates and implementing robust security practices.",Xerox,FreeFlow Core,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-07T18:15:00.000Z,0
CVE-2022-45897,https://securityvulnerability.io/vulnerability/CVE-2022-45897,Authenticated Access Vulnerability in Xerox WorkCentre 3550,"An authenticated access vulnerability exists in the Xerox WorkCentre 3550, specifically on version 25.003.03.000. This flaw allows an attacker with legitimate credentials to access the SMB server settings of the device, potentially exposing sensitive information such as stored cleartext credentials. Exploitation of this vulnerability may lead to unauthorized access to critical configuration details, compromising the security of the entire network.",Xerox,Workcentre 3550 Firmware,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-01-31T00:15:00.000Z,0
CVE-2022-26572,https://securityvulnerability.io/vulnerability/CVE-2022-26572,Access Control Issue in Xerox ColorQube 8580,"The Xerox ColorQube 8580 contains an access control issue that could allow attackers to gain unauthorized access to print jobs and view device status. Additionally, this vulnerability may enable malicious actors to extract sensitive information from the device, posing a significant risk to users relying on this printer for secure document handling. It is crucial for users to apply any available security updates and review their network security practices to mitigate potential exploitation.",Xerox,Colorqube 8580 Firmware,7.5,HIGH,0.0014100000262260437,false,,false,false,false,,,false,false,,2022-04-04T18:31:13.000Z,0
CVE-2021-37354,https://securityvulnerability.io/vulnerability/CVE-2021-37354,Buffer Overflow Vulnerability in Xerox Phaser 4622 Printer,"A buffer overflow vulnerability has been identified in the Xerox Phaser 4622 printer, specifically affecting version v35.013.01.000. This issue arises within the function sub_3226AC through improper handling of the TIMEZONE variable. An attacker can exploit this flaw by supplying specially crafted overflow data, potentially leading to a Denial of Service (DoS) condition, disrupting printer operations and affecting network printer availability.",Xerox,Phaser 4622 Firmware,9.8,CRITICAL,0.003269999986514449,false,,false,false,false,,,false,false,,2022-02-15T19:08:27.000Z,0
CVE-2022-23321,https://securityvulnerability.io/vulnerability/CVE-2022-23321,Persistent Cross-Site Scripting Vulnerability in XMPie UStore by XMPie,"A persistent cross-site scripting (XSS) vulnerability poses significant security risks within the XMPie UStore application. This flaw exists in two input fields located in the administrative panel where user details can be edited. An attacker could exploit this vulnerability to inject malicious scripts, compromising the integrity of the application and potentially gaining unauthorized access to sensitive data. It is crucial for administrators of XMPie UStore version 12.3.7244.0 to apply necessary security measures and updates to mitigate this security risk.",Xerox,Xmpie Ustore,4.8,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-02-10T18:11:16.000Z,0
CVE-2022-23320,https://securityvulnerability.io/vulnerability/CVE-2022-23320,SQL Injection Vulnerability in XMPie uStore by XMPie,"XMPie uStore version 12.3.7244.0 contains a security vulnerability that allows authenticated administrators to execute raw SQL queries. The presence of default administrative credentials facilitates unauthorized access, enabling potential attackers to exfiltrate sensitive information from the database. This poses a significant risk to data confidentiality and integrity, underscoring the importance of secure configuration and proper credential management.",Xerox,Xmpie Ustore,7.5,HIGH,0.002309999894350767,false,,false,false,false,,,false,false,,2022-02-07T10:47:33.000Z,0
CVE-2022-23968,https://securityvulnerability.io/vulnerability/CVE-2022-23968,Remote Device Vulnerability in Xerox VersaLink Firmware,"Xerox VersaLink devices running specific versions of firmware prior to January 26, 2022, are susceptible to a vulnerability that enables remote attackers to cause a permanent denial of service. By exploiting a crafted TIFF file sent via an unauthenticated HTTP POST request, the devices can enter a boot loop due to faulty image parsing after a reboot. Although field technicians can resolve the issue, affected firmware versions including xx.42.01 and xx.50.61 are at risk. A recent vendor statement clarifies that newer firmware versions are not vulnerable.",Xerox,Versalink Firmware,7.5,HIGH,0.002749999985098839,false,,false,false,false,,,false,false,,2022-01-26T05:01:51.000Z,0
CVE-2019-10881,https://securityvulnerability.io/vulnerability/CVE-2019-10881,Default hidden Privileged Account Vulnerability in multiple XEROX devices,"Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.",Xerox,"Altalink B8045/b8055/b8065/b8075/b8090,Altalink C8030/c8035/c8045/c8055/c8070,Workcentre 3655,Workcentre 5845/5855/5865/5875/5890,Workcentre 5945/5955,Workcentre 6655,Workcentre 7220/7225,Workcentre 7830/7835/7845/7855,Workcentre 7970,Workcentre Ec7836/ec7856,Colorqube 9301/9302/9303,Colorqube 8700/8900,Workcentre 6400,Phaser 6700,Phaser 7800,Workcentre 5735/5740/5745/5755/5765/5775/5790,Workcentre 7525/7530/7535/7545/7556,Workcentre 7755/7765/7775",9.4,CRITICAL,0.0017800000496208668,false,,false,false,false,,,false,false,,2021-04-13T20:58:01.000Z,0
CVE-2021-28671,https://securityvulnerability.io/vulnerability/CVE-2021-28671,Remote Command Execution Vulnerability in Xerox Printers and Multifunction Devices,"A remote command execution vulnerability exists in the Web User Interface of several models of Xerox printers and multifunction devices. This flaw permits remote attackers, using a specifically crafted or weaponized clone file, to execute arbitrary commands on the devices. The vulnerability affects various versions of models such as the Xerox Phaser, WorkCentre, and VersaLink, necessitating immediate attention and remediation to safeguard against unauthorized access and potential exploitation.",Xerox,Phaser 6510 Firmware,9.8,CRITICAL,0.004110000096261501,false,,false,false,false,,,false,false,,2021-03-29T20:06:50.000Z,0
CVE-2021-28672,https://securityvulnerability.io/vulnerability/CVE-2021-28672,Buffer Overflow Vulnerability in Xerox Phaser and WorkCentre Printers,"The vulnerability in various Xerox printers allows remote attackers to execute arbitrary code by exploiting a buffer overflow in Web page parameter handling. This security flaw affects multiple models, enabling unauthorized access and potential malicious activities, thus emphasizing the necessity for immediate updates to secure these devices.",Xerox,Phaser 6510 Firmware,9.8,CRITICAL,0.00851999968290329,false,,false,false,false,,,false,false,,2021-03-29T20:06:46.000Z,0
CVE-2021-28668,https://securityvulnerability.io/vulnerability/CVE-2021-28668,SQL Injection Vulnerabilities in Xerox AltaLink B80xx and C80xx Series,"Several SQL injection vulnerabilities have been identified in the Xerox AltaLink B80xx and C80xx series of multifunction printers. These weaknesses could allow attackers to execute arbitrary SQL commands, potentially leading to unauthorized access to sensitive data. Users with affected versions are advised to update their firmware to the latest releases to mitigate these vulnerabilities and ensure the security of their printing environment.",Xerox,Altalink B8045 Firmware,9.8,CRITICAL,0.0013800000306218863,false,,false,false,false,,,false,false,,2021-03-29T19:28:09.000Z,0