Every CVE whose affected-product data names Xerox Workplace Suite, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2024-55926 — CVSS 7.6 (high): A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header…
CVE-2024-55927 — CVSS 7.6 (high): A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow…
CVE-2024-55925 — CVSS 7.5 (high): In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly…
CVE-2024-55930 — CVSS 6.7 (medium): Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files
CVE-2024-55928 — CVSS 6.5 (medium): Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept…
CVE-2024-55931 — CVSS 6.5 (medium): Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised. The…
CVE-2024-55929 — CVSS 5.3 (medium): A mail spoofing vulnerability in Xerox Workplace Suite allows attackers to forge email headers, making it appear as though messages are…