- Description
- PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.
- Source
- vulnreport@tenable.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 2.5
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F745BB14-82EB-4539-BECB-0A96C4C60E99",
"versionEndIncluding": "22.0.12"
}
],
"operator": "OR"
}
]
}
]