{"id":60885,"date":"2025-01-28T22:00:43","date_gmt":"2025-01-28T19:00:43","guid":{"rendered":"http:\/\/JVNVU#99901190"},"modified":"2025-01-28T22:00:43","modified_gmt":"2025-01-28T19:00:43","slug":"multiple-vulnerabilities-in-fujifilm-business-innovation-xerox-freeflow-core","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/multiple-vulnerabilities-in-fujifilm-business-innovation-xerox-freeflow-core\/","title":{"rendered":"Multiple vulnerabilities in FUJIFILM Business Innovation Xerox FreeFlow Core"},"content":{"rendered":"<div readability=\"34\">\n<h2>Overview<\/h2>\n<p>Xerox FreeFlow Core, part of the Xerox FreeFlow Digital Workflow Collection provided by FUJIFILM Business Innovation Corp. contains multiple vulnerabilities.<\/p>\n<\/p><\/div>\n<div readability=\"29.483582089552\">\n<h2>Description<\/h2>\n<p>Xerox FreeFlow Core, part of the Xerox FreeFlow Digital Workflow Collection provided by FUJIFILM Business Innovation Corp. contains multiple vulnerabilities listed below.\n<\/p>\n<ul>\n<li><b>Missing authentication for critical function (<a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/306.html\" target=\"_blank\" rel=\"noopener\">CWE-306<\/a>)<\/b>\n<ul>\n<li>CVSS:3.1\/AV:A\/AC:H\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H Base Score 8.3<\/li>\n<li><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-47555\" target=\"_blank\" rel=\"noopener\">CVE-2024-47555<\/a><\/li>\n<\/ul>\n<\/li>\n<li><b>Improper limitation of a pathname to a restricted directory (&#8216;Path Traversal&#8217;) (<a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/22.html\" target=\"_blank\" rel=\"noopener\">CWE-22<\/a>)<\/b> <\/li>\n<li><b>Improper limitation of a pathname to a restricted directory (&#8216;Path Traversal&#8217;) (<a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/22.html\" target=\"_blank\" rel=\"noopener\">CWE-22<\/a>)<\/b> <\/li>\n<\/ul><\/div>\n<div readability=\"32\">\n<h2>Impact<\/h2>\n<p>The vulnerabilities may be leveraged to execute arbitrary code on the affected product.<\/p>\n<\/p><\/div>\n<div readability=\"36\">\n<h2>Solution<\/h2>\n<p><strong>Apply the patch<\/strong><br \/>Apply the &#8220;Xerox FreeFlow Core 7.0.11 Patch Module&#8221; which addresses these vulnerabilities.<\/p>\n<p>For more information, refer to the information provided by the developer.<\/p>\n<\/p><\/div>\n<div readability=\"33\">\n<h2>Credit<\/h2>\n<p>FUJIFILM Business Innovation Corp. reported these vulnerabilities to JPCERT\/CC to notify users of its solution through JVN.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Overview Xerox FreeFlow Core, part of the Xerox FreeFlow Digital Workflow Collection provided by FUJIFILM Business Innovation Corp. contains multiple vulnerabilities. Description Xerox FreeFlow Core, part of the Xerox FreeFlow Digital Workflow Collection provided by FUJIFILM Business Innovation Corp. contains multiple vulnerabilities listed below. Missing authentication for critical function (CWE-306) CVSS:3.1\/AV:A\/AC:H\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H Base Score 8.3 CVE-2024-47555 &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-60885","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/60885","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=60885"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/60885\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=60885"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=60885"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=60885"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}