Authenticated Remote Code Execution Vulnerability in Xerox FreeFlow Core
CVE-2024-47559
8.8 HIGH
Summary
Xerox FreeFlow Core (v7.0) contains a path traversal flaw that allows authenticated remote code execution. Because user-supplied input is not properly validated, an attacker can alter file paths in a way that may lead to unauthorized access and execution of malicious code on the server. If exploited, this vulnerability poses significant risks to the confidentiality, integrity, and availability of the system. Users are strongly advised to apply available patches and enhancements to safeguard their environments.
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published