First published: Wed Sep 13 2023(Updated: )
PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.
Credit: vulnreport@tenable.com vulnreport@tenable.com
Affected Software | Affected Version | How to fix |
---|---|---|
Papercut Papercut Ng | <=22.0.12 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-4568 is a vulnerability in PaperCut NG that allows for unauthenticated XMLRPC commands to be run by default.
Versions 22.0.12 and below of PaperCut NG are confirmed to be affected by CVE-2023-4568.
Later versions of PaperCut NG may also be affected by CVE-2023-4568 due to lack of a vendor supplied patch.
CVE-2023-4568 has a severity rating of medium with a CVSS score of 6.5.
To fix CVE-2023-4568, it is recommended to apply the vendor supplied patch if available or upgrade to a version that is not affected.