Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 mishandles Client Inter-process Security V-2022-004.
The error classified as CWE-602 (Client-Side Enforcement of Server-Side Security) indicates that security logic, which should be enforced on the server side, is improperly implemented or delegated to the client. An attacker can bypass security control mechanisms for communication between processes, enabling unauthorized interaction with the system. The vulnerability is network-accessible, requires no authentication or user interaction.
A remote and unauthenticated attacker can gain full access to the system — compromising the confidentiality, integrity, and availability of data and the print management application.
Vasion Print must be updated to Virtual Appliance Host version 1.0.735 / Application 20.0.1330 or later. Detailed information is available in the vendor's security bulletins at: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
Vasion Print (formerly PrinterLogic) in Virtual Appliance Host versions below 1.0.735 and Application versions below 20.0.1330.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPrinterlogic Vasion Print
APPPrinterlogic< 20.0.1330Printerlogic Virtual Appliance
APPPrinterlogic< 1.0.735
Related vulnerabilities
Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników
Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia
Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On
SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli
Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)