PT-2019-9415 · Printeron · Printeron Central Print Services

Drunkenshells · Published 2019-07-19 · Updated 2019-07-26 · CVE-2018-17210

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: PrinterOn Central Print Services versions through 4.1.4

Description: An issue was discovered in the core components of PrinterOn Central Print Services that create and launch a print job, where they do not perform complete verification of the session cookie supplied to them. This allows an attacker with guest or pseudo-guest level permissions to bypass session checks by directly calling the core print job components via crafted HTTP GET and POST requests, which would otherwise log out a low-privileged user.

Recommendations: For versions through 4.1.4, consider restricting access to the core print job components to prevent direct calls via crafted HTTP requests as a temporary workaround until a patch is available.

Exploit

Fix

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2018-17210

Affected Products

Printeron Central Print Services