Directory Traversal Risk in Lexmark MarkVision Enterprise
CVE-2014-8742

7.5HIGH

Key Information:

Vendor: Lexmark
Status: Markvision Enterprise
Vendor: CVE Published:; 27 January 2020

Summary

A directory traversal vulnerability exists in the ReportDownloadServlet of Lexmark's MarkVision Enterprise software, affecting versions before 2.1. This flaw allows remote attackers to exploit the server by using unspecified vectors to gain access to arbitrary files on the system. Such unauthorized access may lead to sensitive data exposure and increase the risk of further attacks.

References

http://www.zerodayinitiative.com/advisories/ZDI-14-411/

x_refsource_MISC

http://support.lexmark.com/index?page=content&id=TE666

x_refsource_CONFIRM

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2020
Vulnerability Reserved
Nov 13, 2014