CVE-2024-55926

Summary

A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data

Affected Software

VendorProductVersion RangeStatus
XeroxXerox Workplace Suite0 < 5.6.701.9affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type
  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References