Token Generation Flaw in Xerox Workplace Suite
CVE-2024-55927

7.6HIGH

Key Information:

Vendor: Xerox
Status: Xerox Workplace Suite
Vendor: CVE Published:; 23 January 2025

What is CVE-2024-55927?

The Xerox Workplace Suite is affected by a security vulnerability due to a flawed implementation of token generation, compounded by the presence of hard-coded keys. This serious design flaw can potentially allow unauthorized access and manipulation of sensitive data within the system. Organizations utilizing this product should prioritize updating their systems to mitigate the risks associated with this vulnerability.

Affected Version(s)

Xerox Workplace Suite Windows 0 < 5.6.701.9

References

https://securitydocs.business.xerox.com/wp-content/upload...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 23, 2025
Vulnerability Reserved
Dec 13, 2024