CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32427
https://notcve.org/view.php?id=CVE-2022-32427
PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content. This issue has been resolved in PrinterLogic Windows Client 25.0.0688 and all affected are advised to upgrade. El cliente de Windows de PrinterLogic hasta la versión 25.0.0.676 permite que los atacantes ejecuten el cruce de directorios. Los usuarios autentificados con conocimiento previo del nombre de archivo del controlador podrían aprovechar esta situación para escalar privilegios o distribuir contenido malicioso. • https://docs.printercloud.com/1-Printerlogic/Release_Notes/Client_Release_Notes.htm?tocpath=_____9 https://www.printerlogic.com/security-bulletin • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-42642
https://notcve.org/view.php?id=CVE-2021-42642
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the plaintext console username and password for a printer. PrinterLogic Web Stack versiones 19.1.1.13 SP9 y anteriores, son susceptibles a una vulnerabilidad de Referencia Directa de Objetos No Segura (IDOR), que permite a un atacante no autenticado revelar el nombre de usuario y la contraseña de la consola en texto plano para una impresora • http://printerlogic.com https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite https://www.printerlogic.com/security-bulletin https:// • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-42641
https://notcve.org/view.php?id=CVE-2021-42641
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users. PrinterLogic Web Stack versiones 19.1.1.13 SP9 y anteriores, son susceptibles a una vulnerabilidad de Referencia Directa de Objetos No Segura (IDOR), que permite a un atacante no autenticado revelar el nombre de usuario y la dirección de correo electrónico de todos los usuarios • http://printerlogic.com https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite https://www.printerlogic.com/security-bulletin https:// • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 1CVE-2021-42640
https://notcve.org/view.php?id=CVE-2021-42640
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer. PrinterLogic Web Stack versiones 19.1.1.13 SP9 y anteriores, son susceptibles a una vulnerabilidad de Referencia Directa de Objetos No Segura (IDOR), que permite a un atacante no autenticado reasignar los controladores de cualquier impresora • http://printerlogic.com https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite https://www.printerlogic.com/security-bulletin https:// • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1CVE-2021-42639
https://notcve.org/view.php?id=CVE-2021-42639
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. Attacker controlled input is reflected back in the page without sanitization. PrinterLogic Web Stack versiones 19.1.1.13 SP9 y anteriores, son susceptibles a múltiples vulnerabilidades de tipo cross site scripting reflejadas. La entrada controlada por el atacante es reflejada de nuevo en la página sin sanearla • http://printerlogic.com https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite https://www.printerlogic.com/security-bulletin https:// • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •