3.1

CVE-2024-1221

This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only affects Linux and macOS PaperCut NG/MF servers.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PapercutPapercut Mf Version < 20.1.10
   ApplemacOS Version-
   LinuxLinux Kernel Version-
PapercutPapercut Mf Version >= 21.0.0 < 21.2.14
   ApplemacOS Version-
   LinuxLinux Kernel Version-
PapercutPapercut Mf Version >= 22.0.0 < 22.1.5
   ApplemacOS Version-
   LinuxLinux Kernel Version-
PapercutPapercut Mf Version >= 23.0.1 < 23.0.7
   ApplemacOS Version-
   LinuxLinux Kernel Version-
PapercutPapercut Ng Version < 20.1.10
   ApplemacOS Version-
   LinuxLinux Kernel Version-
PapercutPapercut Ng Version >= 21.0.0 < 21.2.14
   ApplemacOS Version-
   LinuxLinux Kernel Version-
PapercutPapercut Ng Version >= 22.0.0 < 22.1.5
   ApplemacOS Version-
   LinuxLinux Kernel Version-
PapercutPapercut Ng Version >= 23.0.1 < 23.0.7
   ApplemacOS Version-
   LinuxLinux Kernel Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.82% 0.739
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.1 1.6 1.4
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
eb41dac7-0af8-4f84-9f6d-0272772514f4 3.1 1.6 1.4
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-76 Improper Neutralization of Equivalent Special Elements

The product correctly neutralizes certain special elements, but it improperly neutralizes equivalent special elements.