Vasion

Virtual Appliance Host

43 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.6

CVE-2025-34225

Exploit
  • EPSS 0.7%
  • Veröffentlicht 29.09.2025 21:15:36
  • Zuletzt bearbeitet 09.10.2025 19:16:47

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `console_release` directory is reac...

5.8

CVE-2025-34229

Exploit
  • EPSS 0.06%
  • Veröffentlicht 29.09.2025 21:15:36
  • Zuletzt bearbeitet 09.10.2025 16:13:24

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/con...

5.8

CVE-2025-34230

Exploit
  • EPSS 0.06%
  • Veröffentlicht 29.09.2025 21:15:36
  • Zuletzt bearbeitet 09.10.2025 16:13:49

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/con...

8.6

CVE-2025-34231

Exploit
  • EPSS 0.4%
  • Veröffentlicht 29.09.2025 21:15:36
  • Zuletzt bearbeitet 09.10.2025 16:14:08

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind and non-blind server-side request forgery (SSRF) vulnerability. The '/var/www/app/c...

9.1

CVE-2025-34222

Exploit
  • EPSS 0.23%
  • Veröffentlicht 29.09.2025 21:15:35
  • Zuletzt bearbeitet 09.10.2025 18:13:17

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose four admin routes – /admin/hp/cert_upload, /admin/hp/cert_delete, /admin/certs/ca, and /adm...

9.8

CVE-2025-34221

Exploit
  • EPSS 3%
  • Veröffentlicht 29.09.2025 21:15:35
  • Zuletzt bearbeitet 09.10.2025 18:11:54

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 25.2.1518 (VA/SaaS deployments) expose every internal Docker container to the network because firewall rules allow unrestricted tra...

5.3

CVE-2025-34220

Exploit
  • EPSS 0.28%
  • Veröffentlicht 29.09.2025 21:15:35
  • Zuletzt bearbeitet 09.10.2025 18:05:10

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contains a /api-gateway/identity/search-groups endpoint that does not require authentication. Reque...

9.8

CVE-2025-34218

Exploit
  • EPSS 0.8%
  • Veröffentlicht 29.09.2025 21:15:35
  • Zuletzt bearbeitet 09.10.2025 18:04:33

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta e...

9.8

CVE-2025-34216

Exploit
  • EPSS 0.21%
  • Veröffentlicht 29.09.2025 21:15:35
  • Zuletzt bearbeitet 09.10.2025 18:04:23

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (VA deployments only) expose a set of unauthenticated REST API endpoints that return configuration files and clear‑text ...

9.8

CVE-2025-34215

Exploit
  • EPSS 0.46%
  • Veröffentlicht 29.09.2025 21:15:35
  • Zuletzt bearbeitet 18.10.2025 01:50:20

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (only VA deployments) expose an unauthenticated firmware-upload flow: a public page returns a signed token usable at va-...