CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2021-28668
https://notcve.org/view.php?id=CVE-2021-28668
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities. Xerox AltaLink B80xx versiones anteriores a 103.008.020.23120, C8030/C8035 versiones anteriores a 103.001.020.23120, C8045/C8055 versiones anteriores a 103.002.020.23120 y C8070 versiones anteriores a 103.003.020.23120, presenta varias vulnerabilidades de inyección SQL • https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-28669
https://notcve.org/view.php?id=CVE-2021-28669
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights. Xerox AltaLink B80xx versiones anteriores a 103.008.020.23120, C8030/C8035 versiones anteriores a 103.001.020.23120, C8045/C8055 versiones anteriores a 103.002.020.23120 y C8070 versiones anteriores a 103.003.020.23120, proporcionan la habilidad de ajustar atributos de configuración sin derechos administrativos • https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 92EXPL: 0CVE-2021-28673
https://notcve.org/view.php?id=CVE-2021-28673
Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 (Bridge), B600/B610 before 32.61.23 and 32.59.01 (Bridge), B605/B615 before 33.61.23 and 33.59.01 (Bridge), B7025/30/35 before 58.61.23 and 58.59.11 (Bridge), C400 before 67.61.23 and 67.59.01 (Bridge), C405 before 68.61.23 and 68.59.01 (Bridge), C500/C600 before 61.61.23 and 61.59.01 (Bridge), C505/C605 before 62.61.23 and 62.59.11 (Bridge), C7000 before 56.61.23 and 56.59.01 (Bridge), C7020/25/30 before 57.61.23 and 57.59.01 (Bridge), C8000/C9000 before 70.61.23 and 70.59.01 (Bridge), allows remote attackers with "a weaponized clone file" to execute arbitrary commands in the Web User Interface. Xerox Phaser 6510 versiones anteriores a 64.61.23 y 64.59.11 (Bridge), WorkCentre 6515 versiones anteriores a 65.61.23 y 65.59.11 (Bridge), VersaLink B400 versiones anteriores a 37.61.23 y 37.59.01 (Bridge), B405 versiones anteriores a 38.61.23 y 38.59 .01 (Bridge), B600/B610 versiones anteriores a 32.61.23 y 32.59.01 (Bridge), B605/B615 versiones anteriores a 33.61.23 y 33.59.01 (Bridge), B7025/30/35 versiones anteriores a 58.61.23 y 58.59.11 ( Bridge), C400 versiones anteriores a 67.61.23 y 67.59.01 (Bridge), C405 versiones anteriores a 68.61.23 y 68.59.01 (Bridge), C500/C600 versiones anteriores a 61.61.23 y 61.59.01 (Bridge), C505/C605 versiones anteriores a 62.61. 23 y 62.59.11 (Bridge), C7000 versiones anteriores a 56.61.23 y 56.59.01 (Bridge), C7020/25/30 versiones anteriores a 57.61.23 y 57.59.01 (Bridge), C8000/C9000 versiones anteriores a 70.61.23 y 70.59.01 (Bridge), permite a atacantes remotos con "a weaponized clone file" ejecutar comandos arbitrarios en la interfaz de usuario web • https://securitydocs.business.xerox.com/wp-content/uploads/2020/06/cert_Security_Mini_Bulletin_XRX20K_for_PH6510_WC6515_VLB4xx_C4xx_B6XX_B70xx_C5xx_C6xx_C7xxx.pdf •
CVSS: 9.1EPSS: 0%CPEs: 20EXPL: 0CVE-2021-28670
https://notcve.org/view.php?id=CVE-2021-28670
Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk. Xerox AltaLink B8045/B8090 versiones anteriores a 103.008.030.32000, C8030/C8035 versiones anteriores a 103.001.030.32000, C8045/C8055 versiones anteriores a 103.002.030.32000 y C8070 versiones anteriores a 103.003.030.32000, permiten a usuarios no autorizados, aprovechar la funcionalidad Scan To Mailbox, para eliminar archivos arbitrarios del disco • https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2019-18630
https://notcve.org/view.php?id=CVE-2019-18630
On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure. En las impresoras multifunción Xerox AltaLink B8045/B8055/B8065/B8075/B8090 y C8030/C8035/C8045/C8055/C8070 con versiones de software anteriores a 101.00x.099.28200, las partes de la unidad que contenían código ejecutable no se cifraron, por lo que quedaron abiertas a posibles cifrados de divulgación de información • https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf • CWE-312: Cleartext Storage of Sensitive Information •