Lucene search

[email protected]CVE-2022-42909

HistoryFeb 03, 2023 - 7:15 p.m.

CVE-2022-42909

2023-02-0319:15:12

CWE-862

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-42909

wepa print away

authorization verification

print orders

release codes

document access

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.6%

JSON

WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don´t own and print hem without authorization. In order to exploit this vulnerability, the user must have an account with wepanow.com or any of the institutions they serve, and be logged in.

Affected configurations

Vulners

NVD

Node

wepanowprint_awayRange≤not versioned

CPENameOperatorVersion
wepanow:print_awaywepanow print awayeq-

CPE	Name	Operator	Version
wepanow:print_away	wepanow print away	eq	-

CNA Affected

[
  {
    "vendor": "WEPA",
    "product": "Wepa Print Away",
    "versions": [
      {
        "version": "not versioned",
        "status": "affected"
      }
    ]
  }
]

References

enrique.wtf/CVE-2022-42909

www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-wepa-print-away

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.6%

JSON

Related for CVE-2022-42909

nvd1 prion1 cvelist1