CVE-2024-55926: Arbitrary file upload, deletion and read through header manipulation
First published: Thu Jan 23 2025(Updated: )
A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data
Credit: 10b61619-3869-496c-8a1e-f291b0e71e3f
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xerox Workplace Suite |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-55926?
CVE-2024-55926 is considered a critical vulnerability due to its potential to allow arbitrary file access and manipulation on the server.
How do I fix CVE-2024-55926?
To address CVE-2024-55926, apply the latest security patches provided by Xerox for the Workplace Suite.
What types of attacks can CVE-2024-55926 enable?
CVE-2024-55926 can enable attackers to read, upload, and delete files on the server through crafted header manipulation.
Which versions of Xerox Workplace Suite are affected by CVE-2024-55926?
CVE-2024-55926 affects all versions of Xerox Workplace Suite that do not have the latest security updates applied.
Who can exploit CVE-2024-55926?
Any unauthenticated attacker can exploit CVE-2024-55926 by manipulating HTTP headers to gain unauthorized access.
- agent/title
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/author
- agent/source
- agent/event
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/description
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/references
- vendor/xerox
- canonical/xerox workplace suite