CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-55927: Flawed token generation implementation & Hard-coded key implementation

6.4 CVSS

Description

A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading to unauthorized access to sensitive functions.

Classification

CVE ID: CVE-2024-55927

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.4

Affected Products

Vendor: Xerox

Product: Xerox Workplace Suite

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.72% (scored less or equal to compared to others)

EPSS Date: 2025-02-25 (when was this score calculated)

References

https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-Workplace-Suite%C2%AE.pdf

Timeline

2025-01-28 00:30:35 UTC
CVE

Flawed token generation implementation & Hard-coded key implementation