cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-36201,https://securityvulnerability.io/vulnerability/CVE-2020-36201,Encryption Vulnerability in Xerox WorkCentre Devices,"A significant security flaw has been identified in several Xerox WorkCentre products, where passwords are not encrypted properly. This vulnerability impacts multiple device models, posing a risk of unauthorized access and exposure of sensitive information. Users of the affected models should review their security settings and consider immediate updates or security measures to mitigate potential risks associated with this weakness.",Xerox,Workcentre 3655 Firmware,7.5,HIGH,0.002199999988079071,false,,false,false,false,,,false,false,,2021-01-26T18:15:00.000Z,0
CVE-2016-11061,https://securityvulnerability.io/vulnerability/CVE-2016-11061,Remote Command Execution Vulnerability in Xerox Multifunction Printers,"Certain models of Xerox WorkCentre multifunction printers have a vulnerability in the support/remoteUI/configrui.php script, allowing unauthenticated attackers to execute arbitrary OS commands on the devices. This issue arises due to insufficient sanitization of user input parameters, enabling potential exploitation without authentication. Affected models include various versions under the WorkCentre 3655, 58XX, 59XX, 6655, 72XX, 78XX, and 7970 series, underscoring the need for immediate updates to safeguard against unauthorized access.",Xerox,Workcentre 3655 Firmware,9.8,CRITICAL,0.002219999907538295,false,,false,false,false,,,false,false,,2020-04-29T21:23:30.000Z,0
CVE-2020-9330,https://securityvulnerability.io/vulnerability/CVE-2020-9330,LDAP Credential Exposure Risk in Xerox WorkCentre Printers,"Certain Xerox WorkCentre printers prior to version 073.xxx.000.02300 lack a mechanism to require revalidation of LDAP bind credentials when the LDAP connector IP address is altered. This flaw allows an attacker, who may exploit default credentials to gain access, to change the LDAP connection IP to a malicious server. Consequently, any subsequent authentication attempts would transmit plaintext LDAP credentials to the attacker. While these credentials may belong to non-privileged users, it is common practice for organizations to use service accounts with elevated privileges for LDAP binds, potentially affording attackers significant control over the Active Directory domain.",Xerox,Workcentre 3655 Firmware,8.8,HIGH,0.0016499999910593033,false,,false,false,false,,,false,false,,2020-02-21T22:47:12.000Z,0