Multiple vulnerabilities in WEPA Print Away

Posted date
21/02/2023
Importance
3 - Media
Affected Resources
  • WEPA Print Away document upload component.
  • WEPA Print Away release code generation component.
Description

INCIBE has coordinated the publication of 2 vulnerabilities in WEPA Print Away, which has been discovered by Enrique Benvenutto Navarro.

These vulnerabilities have been assigned the following codes:

  • CVE-2022-42908. A CVSS v3.1 base score of 6,3 has been calculated; the CVSS vector string is AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N. The vulnerability type is CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
  • CVE-2022-42909. A CVSS v3.1 base score of 6,5 has been calculated; the CVSS vector string is AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability type is CWE-284Improper Access Control.
Solution

Both vulnerabilities have been fixed by the WEPA security team.

Detail

WEPA Print Away is a cloud-based print management solution for student printing in higher education and university settings.

  • CVE-2022-42908: WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious filename, which will be included in subsequent HTTP responses, allowing a stored XSS to occur. This attack is persistent across victim sessions.
  • CVE-2022-42909 WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don´t own and print hem without authorization. In order to exploit this vulnerability, the user must have an account with wepanow.com or any of the institutions they serve, and be logged in.

If you have any information regarding this advisory, please contact INCIBE as indicated in the 'CVE assignment and publication'.

Encuesta valoración

Etiquetas

botón arriba