CVE-2022-42909 — MEDIUM (6.5)

Vulnerability Description

WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don´t own and print hem without authorization. In order to exploit this vulnerability, the user must have an account with wepanow.com or any of the institutions they serve, and be logged in.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Wepanow	Print Away	-

Related Weaknesses (CWE)

CWE-79 CWE-862

References

https://enrique.wtf/CVE-2022-42909Third Party Advisory
https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulneraThird Party Advisory
https://enrique.wtf/CVE-2022-42909Third Party Advisory
https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulneraThird Party Advisory

FAQ

What is CVE-2022-42909?

CVE-2022-42909 is a vulnerability with a CVSS score of 6.5 (MEDIUM). WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and...

How severe is CVE-2022-42909?

CVE-2022-42909 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-42909?

Check the references section above for vendor advisories and patch information. Affected products include: Wepanow Print Away.