Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Password Stored in Process List V-2023-011.
The application stores the password in a plaintext manner visible in the system process list (process list), which is classified as CWE-256 (Plaintext Storage of a Password). A person or process with access to the process list — locally or remotely — can read the password without needing elevated privileges or user interaction. The attack vector is network-based, and the attack complexity is low, making this vulnerability particularly dangerous.
An attacker can obtain credentials stored in the process list, which may result in complete system takeover, violation of data confidentiality, integrity, and availability.
Virtual Appliance Host must be updated to version 22.0.862 or later, and Application to version 20.0.2014 or later. Detailed information is available in the vendor's security bulletin at the address indicated in the references.
Vasion Print (formerly PrinterLogic) in Virtual Appliance Host versions before 22.0.862 and Application versions before 20.0.2014
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPrinterlogic Vasion Print
APPPrinterlogic< 20.0.2014Printerlogic Virtual Appliance
APPPrinterlogic< 22.0.862
Related vulnerabilities
Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników
Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia
Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On
SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli
Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)