6.5
CVE-2023-4568
- EPSS 83.2%
- Veröffentlicht 13.09.2023 21:15:07
- Zuletzt bearbeitet 21.11.2024 08:35:26
- Quelle vulnreport@tenable.com
- CVE-Watchlists
- Unerledigt
LoginPaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Papercut ≫ Papercut Ng Version <= 22.0.12
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 83.2% | 0.992 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
| vulnreport@tenable.com | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.