8.2
CVE-2023-27351
- EPSS 44.75%
- Veröffentlicht 20.04.2023 16:15:07
- Zuletzt bearbeitet 21.04.2026 12:48:26
- Quelle zdi-disclosures@trendmicro.com
- CVE-Watchlists
- Unerledigt
LoginThis vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Papercut ≫ Papercut Mf Version >= 15.0 < 20.1.7
Papercut ≫ Papercut Mf Version >= 21.0.0 < 21.2.11
Papercut ≫ Papercut Mf Version >= 22.0.0 < 22.0.9
Papercut ≫ Papercut Ng Version >= 15.0 < 20.1.7
Papercut ≫ Papercut Ng Version >= 21.0.0 < 21.2.11
Papercut ≫ Papercut Ng Version >= 22.0.0 < 22.0.9
20.04.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog
PaperCut NG/MF Improper Authentication Vulnerability
SchwachstellePaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.
BeschreibungApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 44.75% | 0.975 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| zdi-disclosures@trendmicro.com | 8.2 | 3.9 | 4.2 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.