WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they donĀ“t own and print hem without authorization. In order to exploit this vulnerability, the user must have an account with wepanow.com or any of the institutions they serve, and be logged in.
References
Link | Resource |
---|---|
https://enrique.wtf/CVE-2022-42909 | Third Party Advisory |
https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-wepa-print-away | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: INCIBE
Published: 2023-02-03T00:00:00
Updated: 2023-02-03T00:00:00
Reserved: 2022-10-13T00:00:00
Link: CVE-2022-42909
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-02-03T19:15:12.713
Modified: 2023-02-10T17:34:15.027
Link: CVE-2022-42909
JSON object: View
Redhat Information
No data.