CVE-2024-55931

Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised. The patch for this vulnerability will be included in a future release of Workplace Suite, and customers will be notified through an update to the security bulletin.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-WorkplaceSuite%C2%AE.pdf

Configurations

No configuration.

History

24 Feb 2025, 18:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.3~~	v2 : unknown v3 : 6.5

29 Jan 2025, 12:15

Type	Values Removed	Values Added
References	{'url': 'https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-Workplace-Suite%C2%AE.pdf', 'source': '10b61619-3869-496c-8a1e-f291b0e71e3f'}	() https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-WorkplaceSuite%C2%AE.pdf -
Summary		(es) Xerox Workplace Suite almacena tokens en el almacenamiento de sesiones, lo que puede exponerlos a un posible acceso si la sesión de un usuario se ve comprometida. El parche para esta vulnerabilidad se incluirá en una versión futura de Workplace Suite y se notificará a los clientes mediante una actualización del boletín de seguridad.

27 Jan 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-27 12:15

Updated : 2025-02-24 18:15

NVD link : CVE-2024-55931

Mitre link : CVE-2024-55931

CVE.ORG link : CVE-2024-55931

JSON object : View

Products Affected

No product.

CWE

CWE-922

Insecure Storage of Sensitive Information

6.5 /10