Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for altalink_b8065_firmware by xerox

    CVE-2019-10881 (GCVE-0-2019-10881)

    Vulnerability from nvd – Published: 2021-04-13 20:58 – Updated: 2024-08-04 22:32
    VLAI
    Title
    Default hidden Privileged Account Vulnerability in multiple XEROX devices
    Summary
    Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.
    CWE
    • CWE-259 - Use of Hard-coded Password
    Assigner
    References
    URL Tags
    https://airbus-seclab.github.io/ x_refsource_MISC
    Impacted products
    Vendor Product Version
    XEROX AltaLink B8045/B8055/B8065/B8075/B8090 Affected: n/a
    Create a notification for this product.
    XEROX AltaLink C8030/C8035/C8045/C8055/C8070 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 3655 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 5845/5855/5865/5875/5890 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 5945/5955 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 6655 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 7220/7225 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 7830/7835/7845/7855 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 7970 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre EC7836/EC7856 Affected: n/a
    Create a notification for this product.
    XEROX ColorQube 9301/9302/9303 Affected: n/a
    Create a notification for this product.
    XEROX ColorQube 8700/8900 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 6400 Affected: n/a
    Create a notification for this product.
    XEROX Phaser 6700 Affected: n/a
    Create a notification for this product.
    XEROX Phaser 7800 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 5735/5740/5745/5755/5765/5775/5790 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 7525/7530/7535/7545/7556 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 7755/7765/7775 Affected: n/a
    Create a notification for this product.
    Credits
    Raphaël Rigo from the Airbus Security Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:32:02.132Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://airbus-seclab.github.io/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AltaLink B8045/B8055/B8065/B8075/B8090",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "AltaLink C8030/C8035/C8045/C8055/C8070",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 3655",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 5845/5855/5865/5875/5890",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 5945/5955",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 6655",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 7220/7225",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 7830/7835/7845/7855",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 7970",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre EC7836/EC7856",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "ColorQube 9301/9302/9303",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "ColorQube 8700/8900",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 6400",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "Phaser 6700",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "Phaser 7800",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 5735/5740/5745/5755/5765/5775/5790",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 7525/7530/7535/7545/7556",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 7755/7765/7775",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Rapha\u00ebl Rigo from the Airbus Security Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-259",
                  "description": "CWE-259 Use of Hard-coded Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-13T20:58:01.000Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://airbus-seclab.github.io/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "No fix available for now."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Default hidden Privileged Account Vulnerability in multiple XEROX devices",
          "workarounds": [
            {
              "lang": "en",
              "value": "There no known workaround for now available."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.6"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@airbus.com",
              "ID": "CVE-2019-10881",
              "STATE": "PUBLIC",
              "TITLE": "Default hidden Privileged Account Vulnerability in multiple XEROX devices"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AltaLink B8045/B8055/B8065/B8075/B8090",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "AltaLink C8030/C8035/C8045/C8055/C8070",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 3655",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 5845/5855/5865/5875/5890",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 5945/5955",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 6655",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 7220/7225",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 7830/7835/7845/7855",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 7970",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre EC7836/EC7856",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ColorQube 9301/9302/9303",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ColorQube 8700/8900",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 6400",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Phaser 6700",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Phaser 7800",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 5735/5740/5745/5755/5765/5775/5790",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 7525/7530/7535/7545/7556",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 7755/7765/7775",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "XEROX"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Rapha\u00ebl Rigo from the Airbus Security Lab"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.6"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-259 Use of Hard-coded Password"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://airbus-seclab.github.io/",
                  "refsource": "MISC",
                  "url": "https://airbus-seclab.github.io/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "No fix available for now."
              }
            ],
            "source": {
              "discovery": "INTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "There no known workaround for now available."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2019-10881",
        "datePublished": "2021-04-13T20:58:01.000Z",
        "dateReserved": "2019-04-05T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:32:02.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28669 (GCVE-0-2021-28669)

    Vulnerability from nvd – Published: 2021-03-29 19:27 – Updated: 2024-08-03 21:47
    VLAI
    Summary
    Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:47:32.991Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-29T19:27:59.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-28669",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-28669",
        "datePublished": "2021-03-29T19:27:59.000Z",
        "dateReserved": "2021-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:47:32.991Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28668 (GCVE-0-2021-28668)

    Vulnerability from nvd – Published: 2021-03-29 19:28 – Updated: 2024-08-03 21:47
    VLAI
    Summary
    Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:47:33.131Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-29T19:28:09.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-28668",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-28668",
        "datePublished": "2021-03-29T19:28:09.000Z",
        "dateReserved": "2021-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:47:33.131Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28670 (GCVE-0-2021-28670)

    Vulnerability from nvd – Published: 2021-03-29 17:40 – Updated: 2024-08-03 21:47
    VLAI
    Summary
    Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:47:33.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-29T17:40:09.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-28670",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-28670",
        "datePublished": "2021-03-29T17:40:09.000Z",
        "dateReserved": "2021-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:47:33.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-18630 (GCVE-0-2019-18630)

    Vulnerability from nvd – Published: 2021-03-04 22:07 – Updated: 2024-08-05 01:54
    VLAI
    Summary
    On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:54:14.544Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-04T22:07:44.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-18630",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf",
                  "refsource": "MISC",
                  "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-18630",
        "datePublished": "2021-03-04T22:07:44.000Z",
        "dateReserved": "2019-10-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:54:14.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-18629 (GCVE-0-2019-18629)

    Vulnerability from nvd – Published: 2021-03-04 06:12 – Updated: 2024-08-05 01:54
    VLAI
    Summary
    Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:54:14.488Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.business.xerox.com"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-04T06:12:03.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.business.xerox.com"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-18629",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.business.xerox.com",
                  "refsource": "MISC",
                  "url": "https://security.business.xerox.com"
                },
                {
                  "name": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-18629",
        "datePublished": "2021-03-04T06:12:03.000Z",
        "dateReserved": "2019-10-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:54:14.488Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-18628 (GCVE-0-2019-18628)

    Vulnerability from nvd – Published: 2021-03-04 06:09 – Updated: 2024-08-05 01:54
    VLAI
    Summary
    Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:54:14.499Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.business.xerox.com"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-04T06:09:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.business.xerox.com"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-18628",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.business.xerox.com",
                  "refsource": "MISC",
                  "url": "https://security.business.xerox.com"
                },
                {
                  "name": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-18628",
        "datePublished": "2021-03-04T06:09:30.000Z",
        "dateReserved": "2019-10-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:54:14.499Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17172 (GCVE-0-2018-17172)

    Vulnerability from nvd – Published: 2019-01-03 03:00 – Updated: 2024-08-05 10:39
    VLAI
    Summary
    The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2019-01-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:39:59.574Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-01-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-03T03:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-17172",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-17172",
        "datePublished": "2019-01-03T03:00:00.000Z",
        "dateReserved": "2018-09-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:39:59.574Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10881 (GCVE-0-2019-10881)

    Vulnerability from cvelistv5 – Published: 2021-04-13 20:58 – Updated: 2024-08-04 22:32
    VLAI
    Title
    Default hidden Privileged Account Vulnerability in multiple XEROX devices
    Summary
    Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.
    CWE
    • CWE-259 - Use of Hard-coded Password
    Assigner
    References
    URL Tags
    https://airbus-seclab.github.io/ x_refsource_MISC
    Impacted products
    Vendor Product Version
    XEROX AltaLink B8045/B8055/B8065/B8075/B8090 Affected: n/a
    Create a notification for this product.
    XEROX AltaLink C8030/C8035/C8045/C8055/C8070 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 3655 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 5845/5855/5865/5875/5890 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 5945/5955 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 6655 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 7220/7225 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 7830/7835/7845/7855 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 7970 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre EC7836/EC7856 Affected: n/a
    Create a notification for this product.
    XEROX ColorQube 9301/9302/9303 Affected: n/a
    Create a notification for this product.
    XEROX ColorQube 8700/8900 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 6400 Affected: n/a
    Create a notification for this product.
    XEROX Phaser 6700 Affected: n/a
    Create a notification for this product.
    XEROX Phaser 7800 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 5735/5740/5745/5755/5765/5775/5790 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 7525/7530/7535/7545/7556 Affected: n/a
    Create a notification for this product.
    XEROX WorkCentre 7755/7765/7775 Affected: n/a
    Create a notification for this product.
    Credits
    Raphaël Rigo from the Airbus Security Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:32:02.132Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://airbus-seclab.github.io/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AltaLink B8045/B8055/B8065/B8075/B8090",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "AltaLink C8030/C8035/C8045/C8055/C8070",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 3655",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 5845/5855/5865/5875/5890",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 5945/5955",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 6655",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 7220/7225",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 7830/7835/7845/7855",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 7970",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre EC7836/EC7856",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "ColorQube 9301/9302/9303",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "ColorQube 8700/8900",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 6400",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "Phaser 6700",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "Phaser 7800",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 5735/5740/5745/5755/5765/5775/5790",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 7525/7530/7535/7545/7556",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "WorkCentre 7755/7765/7775",
              "vendor": "XEROX",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Rapha\u00ebl Rigo from the Airbus Security Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-259",
                  "description": "CWE-259 Use of Hard-coded Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-13T20:58:01.000Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://airbus-seclab.github.io/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "No fix available for now."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Default hidden Privileged Account Vulnerability in multiple XEROX devices",
          "workarounds": [
            {
              "lang": "en",
              "value": "There no known workaround for now available."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.6"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@airbus.com",
              "ID": "CVE-2019-10881",
              "STATE": "PUBLIC",
              "TITLE": "Default hidden Privileged Account Vulnerability in multiple XEROX devices"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AltaLink B8045/B8055/B8065/B8075/B8090",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "AltaLink C8030/C8035/C8045/C8055/C8070",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 3655",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 5845/5855/5865/5875/5890",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 5945/5955",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 6655",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 7220/7225",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 7830/7835/7845/7855",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 7970",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre EC7836/EC7856",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ColorQube 9301/9302/9303",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ColorQube 8700/8900",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 6400",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Phaser 6700",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Phaser 7800",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 5735/5740/5745/5755/5765/5775/5790",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 7525/7530/7535/7545/7556",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WorkCentre 7755/7765/7775",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "XEROX"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Rapha\u00ebl Rigo from the Airbus Security Lab"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.6"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-259 Use of Hard-coded Password"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://airbus-seclab.github.io/",
                  "refsource": "MISC",
                  "url": "https://airbus-seclab.github.io/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "No fix available for now."
              }
            ],
            "source": {
              "discovery": "INTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "There no known workaround for now available."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2019-10881",
        "datePublished": "2021-04-13T20:58:01.000Z",
        "dateReserved": "2019-04-05T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:32:02.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28668 (GCVE-0-2021-28668)

    Vulnerability from cvelistv5 – Published: 2021-03-29 19:28 – Updated: 2024-08-03 21:47
    VLAI
    Summary
    Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:47:33.131Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-29T19:28:09.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-28668",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-28668",
        "datePublished": "2021-03-29T19:28:09.000Z",
        "dateReserved": "2021-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:47:33.131Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28669 (GCVE-0-2021-28669)

    Vulnerability from cvelistv5 – Published: 2021-03-29 19:27 – Updated: 2024-08-03 21:47
    VLAI
    Summary
    Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:47:32.991Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-29T19:27:59.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-28669",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-28669",
        "datePublished": "2021-03-29T19:27:59.000Z",
        "dateReserved": "2021-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:47:32.991Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28670 (GCVE-0-2021-28670)

    Vulnerability from cvelistv5 – Published: 2021-03-29 17:40 – Updated: 2024-08-03 21:47
    VLAI
    Summary
    Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:47:33.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-29T17:40:09.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-28670",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-28670",
        "datePublished": "2021-03-29T17:40:09.000Z",
        "dateReserved": "2021-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:47:33.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-18630 (GCVE-0-2019-18630)

    Vulnerability from cvelistv5 – Published: 2021-03-04 22:07 – Updated: 2024-08-05 01:54
    VLAI
    Summary
    On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:54:14.544Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-04T22:07:44.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-18630",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf",
                  "refsource": "MISC",
                  "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-18630",
        "datePublished": "2021-03-04T22:07:44.000Z",
        "dateReserved": "2019-10-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:54:14.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-18629 (GCVE-0-2019-18629)

    Vulnerability from cvelistv5 – Published: 2021-03-04 06:12 – Updated: 2024-08-05 01:54
    VLAI
    Summary
    Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:54:14.488Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.business.xerox.com"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-04T06:12:03.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.business.xerox.com"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-18629",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.business.xerox.com",
                  "refsource": "MISC",
                  "url": "https://security.business.xerox.com"
                },
                {
                  "name": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-18629",
        "datePublished": "2021-03-04T06:12:03.000Z",
        "dateReserved": "2019-10-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:54:14.488Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-18628 (GCVE-0-2019-18628)

    Vulnerability from cvelistv5 – Published: 2021-03-04 06:09 – Updated: 2024-08-05 01:54
    VLAI
    Summary
    Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:54:14.499Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.business.xerox.com"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-04T06:09:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.business.xerox.com"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-18628",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.business.xerox.com",
                  "refsource": "MISC",
                  "url": "https://security.business.xerox.com"
                },
                {
                  "name": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-18628",
        "datePublished": "2021-03-04T06:09:30.000Z",
        "dateReserved": "2019-10-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:54:14.499Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17172 (GCVE-0-2018-17172)

    Vulnerability from cvelistv5 – Published: 2019-01-03 03:00 – Updated: 2024-08-05 10:39
    VLAI
    Summary
    The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2019-01-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:39:59.574Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-01-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-03T03:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-17172",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-17172",
        "datePublished": "2019-01-03T03:00:00.000Z",
        "dateReserved": "2018-09-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:39:59.574Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }