Lucene search
HistoryDec 10, 2006 - 11:28 a.m.
CVE-2006-6438
CVSS2
4.9
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:C/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0
Percentile
5.1%
Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file.
Affected configurations
Node
xeroxworkcentre_232
ORxeroxworkcentre_232pro
ORxeroxworkcentre_238
ORxeroxworkcentre_238pro
ORxeroxworkcentre_245
ORxeroxworkcentre_245pro
ORxeroxworkcentre_255
ORxeroxworkcentre_255pro
ORxeroxworkcentre_265
ORxeroxworkcentre_265pro
ORxeroxworkcentre_275
ORxeroxworkcentre_275pro
| Vendor | Product | Version | CPE |
|---|---|---|---|
| xerox | workcentre_232 | * | cpe:2.3:h:xerox:workcentre_232:*:*:*:*:*:*:*:* |
| xerox | workcentre_232 | * | cpe:2.3:h:xerox:workcentre_232:*:*:pro:*:*:*:*:* |
| xerox | workcentre_238 | * | cpe:2.3:h:xerox:workcentre_238:*:*:*:*:*:*:*:* |
| xerox | workcentre_238 | * | cpe:2.3:h:xerox:workcentre_238:*:*:pro:*:*:*:*:* |
| xerox | workcentre_245 | * | cpe:2.3:h:xerox:workcentre_245:*:*:*:*:*:*:*:* |
| xerox | workcentre_245 | * | cpe:2.3:h:xerox:workcentre_245:*:*:pro:*:*:*:*:* |
| xerox | workcentre_255 | * | cpe:2.3:h:xerox:workcentre_255:*:*:*:*:*:*:*:* |
| xerox | workcentre_255 | * | cpe:2.3:h:xerox:workcentre_255:*:*:pro:*:*:*:*:* |
| xerox | workcentre_265 | * | cpe:2.3:h:xerox:workcentre_265:*:*:*:*:*:*:*:* |
| xerox | workcentre_265 | * | cpe:2.3:h:xerox:workcentre_265:*:*:pro:*:*:*:*:* |
CVSS2
4.9
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:C/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2006-6438