CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-42642
https://notcve.org/view.php?id=CVE-2021-42642
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the plaintext console username and password for a printer. PrinterLogic Web Stack versiones 19.1.1.13 SP9 y anteriores, son susceptibles a una vulnerabilidad de Referencia Directa de Objetos No Segura (IDOR), que permite a un atacante no autenticado revelar el nombre de usuario y la contraseña de la consola en texto plano para una impresora • http://printerlogic.com https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite https://www.printerlogic.com/security-bulletin https:// • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-42641
https://notcve.org/view.php?id=CVE-2021-42641
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users. PrinterLogic Web Stack versiones 19.1.1.13 SP9 y anteriores, son susceptibles a una vulnerabilidad de Referencia Directa de Objetos No Segura (IDOR), que permite a un atacante no autenticado revelar el nombre de usuario y la dirección de correo electrónico de todos los usuarios • http://printerlogic.com https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite https://www.printerlogic.com/security-bulletin https:// • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 1CVE-2021-42640
https://notcve.org/view.php?id=CVE-2021-42640
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer. PrinterLogic Web Stack versiones 19.1.1.13 SP9 y anteriores, son susceptibles a una vulnerabilidad de Referencia Directa de Objetos No Segura (IDOR), que permite a un atacante no autenticado reasignar los controladores de cualquier impresora • http://printerlogic.com https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite https://www.printerlogic.com/security-bulletin https:// • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1CVE-2021-42639
https://notcve.org/view.php?id=CVE-2021-42639
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. Attacker controlled input is reflected back in the page without sanitization. PrinterLogic Web Stack versiones 19.1.1.13 SP9 y anteriores, son susceptibles a múltiples vulnerabilidades de tipo cross site scripting reflejadas. La entrada controlada por el atacante es reflejada de nuevo en la página sin sanearla • http://printerlogic.com https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite https://www.printerlogic.com/security-bulletin https:// • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 1CVE-2021-42637
https://notcve.org/view.php?id=CVE-2021-42637
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability. PrinterLogic Web Stack versiones 19.1.1.13 SP9 y anteriores, usan entradas controladas por el usuario para diseñar una URL, resultando en una vulnerabilidad de tipo Server Side Request Forgery (SSRF) • http://printerlogic.com https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite https://www.printerlogic.com/security-bulletin https:// • CWE-918: Server-Side Request Forgery (SSRF) •