Shodan
Vulnerabilities
Vulnerable Software
Xerox:  Security Vulnerabilities
CVE-2025-8356
In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.
CVSS Score
9.8
EPSS Score
0.008
Published
2025-08-08
CVE-2025-8355
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).
CVSS Score
7.5
EPSS Score
0.001
Published
2025-08-08
CVE-2024-47556
Pre-Auth RCE via Path Traversal
CVSS Score
8.3
EPSS Score
0.007
Published
2024-10-07
CVE-2024-47557
Pre-Auth RCE via Path Traversal
CVSS Score
8.3
EPSS Score
0.007
Published
2024-10-07
CVE-2024-47558
Authenticated RCE via Path Traversal
CVSS Score
7.6
EPSS Score
0.004
Published
2024-10-07
CVE-2024-47559
Authenticated RCE via Path Traversal
CVSS Score
7.6
EPSS Score
0.004
Published
2024-10-07
CVE-2023-46327
Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encryption key, the information such as the server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS Score
5.9
EPSS Score
0.002
Published
2023-11-02
CVE-2022-45897
On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-01-31
CVE-2022-26572
Xerox ColorQube 8580 was discovered to contain an access control issue which allows attackers to print, view the status, and obtain sensitive information.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-04-04
CVE-2021-37354
Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_3226AC via the TIMEZONE variable. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-02-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved