Multiple vulnerabilities in FUJIFILM Business Innovation Xerox FreeFlow Core

Overview

Xerox FreeFlow Core, part of the Xerox FreeFlow Digital Workflow Collection provided by FUJIFILM Business Innovation Corp., contains multiple vulnerabilities.

Description

Xerox FreeFlow Core, part of the Xerox FreeFlow Digital Workflow Collection provided by FUJIFILM Business Innovation Corp., contains the multiple vulnerabilities listed below.

  • Missing authentication for critical function (CWE-306)
    • CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Base Score 8.3
    • CVE-2024-47555
  • Improper limitation of a pathname to a restricted directory (‘Path Traversal’) (CWE-22)
  • Improper limitation of a pathname to a restricted directory (‘Path Traversal’) (CWE-22)

Impact

The vulnerabilities may be leveraged to execute arbitrary code on the affected product.

Solution

Apply the patch
Apply the “Xerox FreeFlow Core 7.0.11 Patch Module” which addresses these vulnerabilities.

For more information, refer to the information provided by the developer.

Credit

FUJIFILM Business Innovation Corp. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.
