Vasion

Virtual Appliance Application

43 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2025-34210

Exploit
  • EPSS 0.01%
  • Veröffentlicht 02.10.2025 16:13:28
  • Zuletzt bearbeitet 09.10.2025 19:22:03

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store a large number of sensitive credentials (database passwords, MySQL root password, SaaS keys, Portainer admin password, etc.) in cleartext files th...

7.5

CVE-2025-34208

Exploit
  • EPSS 0.1%
  • Veröffentlicht 02.10.2025 16:13:06
  • Zuletzt bearbeitet 09.10.2025 19:17:34

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store user passwords using unsalted SHA-512 hashes with a fall-back to unsalted SHA-1. The hashing is performed via PHP's `hash()` function in multiple ...

9.8

CVE-2025-34217

Exploit
  • EPSS 0.09%
  • Veröffentlicht 30.09.2025 14:15:38
  • Zuletzt bearbeitet 07.10.2025 14:02:24

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) contain an undocumented 'printerlogic' user with a hardcoded SSH public key in '~/.ssh/authorized_keys' and a sudoers rule granting the printerlogic_ssh...

7.8

CVE-2025-34235

Exploit
  • EPSS 0.24%
  • Veröffentlicht 29.09.2025 21:15:37
  • Zuletzt bearbeitet 09.10.2025 17:55:21

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that can be enabled by administrators, causing the client to skip SSL...

7.5

CVE-2025-34234

Exploit
  • EPSS 0.04%
  • Veröffentlicht 29.09.2025 21:15:37
  • Zuletzt bearbeitet 09.10.2025 17:55:04

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain two hardcoded private keys that are shipped in the application containers (printerlogic/pi,...

6.8

CVE-2025-34233

Exploit
  • EPSS 0.05%
  • Veröffentlicht 29.09.2025 21:15:37
  • Zuletzt bearbeitet 09.10.2025 17:50:38

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a protection mechanism failure vulnerability within the file_get_contents() function. When ...

5.3

CVE-2025-34232

Exploit
  • EPSS 0.06%
  • Veröffentlicht 29.09.2025 21:15:37
  • Zuletzt bearbeitet 09.10.2025 19:17:18

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/con...

8.6

CVE-2025-34228

Exploit
  • EPSS 0.7%
  • Veröffentlicht 29.09.2025 21:15:36
  • Zuletzt bearbeitet 09.10.2025 19:17:04

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `/var/www/app/console_release/lexma...

9.8

CVE-2025-34223

Exploit
  • EPSS 2.42%
  • Veröffentlicht 29.09.2025 21:15:36
  • Zuletzt bearbeitet 09.10.2025 18:13:32

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) contain a default admin account and an installation‑time endpoint at `/admin/query/update_database...

9.1

CVE-2025-34224

Exploit
  • EPSS 1.95%
  • Veröffentlicht 29.09.2025 21:15:36
  • Zuletzt bearbeitet 09.10.2025 18:23:34

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose a set of PHP scripts under the `console_release` directory without requiring authentication...