Vulnerabilities > Xerox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-02 | CVE-2023-46327 | Improper Authentication vulnerability in multiple products Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. | 5.9 |
| 2023-01-31 | CVE-2022-45897 | Cleartext Storage of Sensitive Information vulnerability in Xerox Workcentre 3550 Firmware 25.003.03.000 On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings. | 6.5 |
| 2022-02-10 | CVE-2022-23321 | Cross-site Scripting vulnerability in Xerox Xmpie Ustore 12.3.7244.0 A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0. | 4.8 |
| 2021-03-29 | CVE-2021-28669 | Missing Authorization vulnerability in Xerox products Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights. | 5.0 |
| 2021-03-29 | CVE-2021-28670 | Unspecified vulnerability in Xerox products Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk. | 6.4 |
| 2021-03-04 | CVE-2019-18630 | Inadequate Encryption Strength vulnerability in Xerox products On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure. | 5.0 |
| 2021-03-04 | CVE-2019-18629 | Unspecified vulnerability in Xerox products Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. network xerox | 6.8 |
| 2021-03-04 | CVE-2019-18628 | Unspecified vulnerability in Xerox products Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure. | 4.0 |
| 2021-01-26 | CVE-2020-36201 | Inadequate Encryption Strength vulnerability in Xerox products An issue was discovered in certain Xerox WorkCentre products. | 5.0 |
| 2020-10-09 | CVE-2020-26162 | Cross-site Scripting vulnerability in Xerox products Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073.020.059.25300 devices allow XSS via Description pages. | 4.3 |