Filtered by vendor Xerox
Subscriptions
Filtered by product Freeflow Core
Subscriptions
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8356 | 1 Xerox | 1 Freeflow Core | 2025-08-19 | 9.8 Critical |
| In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system. | ||||
| CVE-2025-8355 | 1 Xerox | 1 Freeflow Core | 2025-08-14 | 7.5 High |
| In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF). | ||||
| CVE-2024-47559 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | 7.6 High |
| Authenticated RCE via Path Traversal | ||||
| CVE-2024-47558 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | 7.6 High |
| Authenticated RCE via Path Traversal | ||||
| CVE-2024-47556 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | 8.3 High |
| Pre-Auth RCE via Path Traversal | ||||
| CVE-2024-47557 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | 8.3 High |
| Pre-Auth RCE via Path Traversal | ||||
| CVE-2024-47555 | 1 Xerox | 1 Freeflow Core | 2024-10-10 | 8.3 High |
| Missing Authentication - User & System Configuration | ||||
Page 1 of 1.