7.5
CVE-2021-42641
- EPSS 2.09%
- Veröffentlicht 02.02.2022 18:15:07
- Zuletzt bearbeitet 21.11.2024 06:27:53
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginPrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Printerlogic ≫ Web Stack Version < 19.1.1.13
Printerlogic ≫ Web Stack Version19.1.1.13 Update-
Printerlogic ≫ Web Stack Version19.1.1.13 Updatesp2
Printerlogic ≫ Web Stack Version19.1.1.13 Updatesp3-3
Printerlogic ≫ Web Stack Version19.1.1.13 Updatesp9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.09% | 0.792 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-668 Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
http://printerlogic.com
https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints
https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html
https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite
https://www.printerlogic.com/security-bulletin/
https://www.securityweek.com/printerlogic-patches-code-execution-flaws-printer-management-suite
https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogic-issues-security-alert/