Lucene search

Japan Vulnerability NotesJVN:24659622

HistoryNov 16, 2022 - 12:00 a.m.

JVN#24659622: RICOH Aficio SP 4210N vulnerable to cross-site scripting

2022-11-1600:00:00

Japan Vulnerability Notes

jvn.jp

ricoh

aficio sp 4210n

cross-site scripting

cwe-79

web image monitor

firmware

update

administrative privilege

security

vulnerability

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

41.4%

JSON

Aficio SP 4210N provided by RICOH COMPANY, LTD. contains a cross-site scripting vulnerability (CWE-79) in Web Image Monitor.

Impact

An arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege.

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

Products Affected

Aficio SP 4210N firmware versions prior to Web Support 1.05