CVE-2024-1222

Critical

This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This…

PaperCut·CWE-250·Published 2024-03-14

CVSS

9.8

EPSS

0.64

KEV

Exploits

cve.orgen

192 chars

This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls.

NVDen

192 chars

This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls.

Esto permite a los atacantes utilizar una solicitud de API formada de forma maliciosa para obtener acceso a un nivel de autorización de API con privilegios elevados. Esto se aplica a un pequeño subconjunto de llamadas API de PaperCut NG/MF.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	8.6	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
3.1	Secondary	NVD	8.6	3.9	4.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L