Lucene search

Eb41dac7-0af8-4f84-9f6d-0272772514f4NVD:CVE-2024-1222

HistoryMar 14, 2024 - 3:15 a.m.

CVE-2024-1222

2024-03-1403:15:07

CWE-200

eb41dac7-0af8-4f84-9f6d-0272772514f4

web.nvd.nist.gov

api

authorization

papercut ng/mf

vulnerability

unauthorized access

elevated privileges

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.0%

JSON

This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls.

References

www.papercut.com/kb/Main/Security-Bulletin-March-2024

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.0%

JSON

Related for NVD:CVE-2024-1222