CVE-2024-55926: Arbitrary file upload, deletion and read through header manipulation

6.3 CVSS

Description

A vulnerability in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data.

Classification

CVE ID: CVE-2024-55926

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.3

Affected Products

Vendor: Xerox

Product: Xerox Workplace Suite

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.88% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-25 (date this score was calculated)

References

https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-Workplace-Suite%C2%AE.pdf

Timeline