Lucene search

Eb41dac7-0af8-4f84-9f6d-0272772514f4NVD:CVE-2024-1884

HistoryMar 14, 2024 - 4:15 a.m.

CVE-2024-1884

2024-03-1404:15:08

CWE-918

eb41dac7-0af8-4f84-9f6d-0272772514f4

web.nvd.nist.gov

server-side request forgery

papercut ng/mf

http requests

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.0%

JSON

This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing.

References

www.papercut.com/kb/Main/Security-Bulletin-March-2024

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.0%

JSON

Related for NVD:CVE-2024-1884