{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-55926", "assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "state": "PUBLISHED", "assignerShortName": "Xerox", "dateReserved": "2024-12-13T14:30:30.206Z", "datePublished": "2025-01-23T17:12:21.371Z", "dateUpdated": "2025-02-24T17:11:02.567Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Xerox Workplace Suite", "vendor": "Xerox", "versions": [{"lessThan": "5.6.701.9", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-01-23T17:05:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data"}], "value": "A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data"}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}, {"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}, {"capecId": "CAPEC-78", "descriptions": [{"lang": "en", "value": "CAPEC-78 Using Escaped Slashes in Alternate Encoding"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "shortName": "Xerox", "dateUpdated": "2025-02-24T17:11:02.567Z"}, "references": [{"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-WorkplaceSuite%C2%AE.pdf"}], "source": {"discovery": "UNKNOWN"}, "title": "Arbitrary file upload, deletion and read through header manipulation", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-23T18:58:12.443714Z", "id": "CVE-2024-55926", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-23T18:58:27.492Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-55926", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-23T18:58:12.443714Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-23T18:58:21.066Z"}}], "cna": {"title": "Arbitrary file upload, deletion and read through header manipulation", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}, {"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}, {"capecId": "CAPEC-78", "descriptions": [{"lang": "en", "value": "CAPEC-78 Using Escaped Slashes in Alternate Encoding"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Xerox", "product": "Xerox Workplace Suite", "versions": [{"status": "affected", "version": "0", "lessThan": "5.6.701.9", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}], "datePublic": "2025-01-23T17:05:00.000Z", "references": [{"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-WorkplaceSuite%C2%AE.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data", "supportingMedia": [{"type": "text/html", "value": "A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "shortName": "Xerox", "dateUpdated": "2025-02-24T17:11:02.567Z"}}}, "cveMetadata": {"cveId": "CVE-2024-55926", "state": "PUBLISHED", "dateUpdated": "2025-02-24T17:11:02.567Z", "dateReserved": "2024-12-13T14:30:30.206Z", "assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "datePublished": "2025-01-23T17:12:21.371Z", "assignerShortName": "Xerox"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xerox:workplace_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF146CA-62DE-40D4-B12B-EEA46618D8AF", "versionEndExcluding": "5.6.701.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data"}, {"lang": "es", "value": "Carga, eliminaci\u00f3n y lectura arbitraria de archivos mediante manipulaci\u00f3n del encabezado"}], "id": "CVE-2024-55926", "lastModified": "2026-02-28T01:20:33.507", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "10b61619-3869-496c-8a1e-f291b0e71e3f", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-01-23T18:15:31.780", "references": [{"source": "10b61619-3869-496c-8a1e-f291b0e71e3f", "tags": ["Vendor Advisory"], "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-WorkplaceSuite%C2%AE.pdf"}], "sourceIdentifier": "10b61619-3869-496c-8a1e-f291b0e71e3f", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-434"}], "source": "10b61619-3869-496c-8a1e-f291b0e71e3f", "type": "Secondary"}]}

{}

{}