汇总 printeron 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
历史漏洞主要涉及 CSRF与XXE 等问题,部分漏洞可能导致 会话劫持,并影响 软件部署与生产负载 相关场景。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2018-17213 | An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. A user without valid credentials can bypass the authentication process, obtaining a valid session cookie with guest/pseudo-guest level privileges. This cookie can then be further used to perform other attacks. | [email protected] | 8.8 | 0.64% | 2019-07-29 | 2024-11-21 |
| CVE-2018-17211 | An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. An unauthenticated attacker can view details about the printers associated with CPS via a crafted HTTP GET request. | [email protected] | 5.3 | 2.65% | 2019-07-29 | 2024-11-21 |
| CVE-2018-17210 | An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass the session checks (that would otherwise logout a low-privileged user) by calling the core print job components directly via crafted HTTP GET and POST requests. | [email protected] | 8.8 | 0.28% | 2019-07-20 | 2024-11-21 |
| CVE-2018-17169 | An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | [email protected] | 7.7 | 0.35% | 2019-04-23 | 2024-11-21 |
| CVE-2018-17168 | PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable, Approve, etc). | [email protected] | 6.5 | 0.06% | 2019-04-18 | 2024-11-21 |
| CVE-2018-17167 | PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration. | [email protected] | 5.4 | 0.32% | 2019-03-21 | 2024-11-21 |
| CVE-2018-19936 | PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. | [email protected] | 6.5 | 0.32% | 2018-12-17 | 2024-11-21 |
| CVE-2018-10327 | PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file. | [email protected] | 7.0 | 0.05% | 2018-05-17 | 2024-11-21 |
| CVE-2018-10326 | PrinterOn Enterprise 4.1.3 suffers from multiple authenticated stored XSS vulnerabilities via the (1) department field in the printer configuration, (2) description field in the print server configuration, and (3) username field for authentication to print as guest. | [email protected] | 5.4 | 0.31% | 2018-05-17 | 2024-11-21 |