PT-2025-3153 · Xerox · Xerox Workplace Suite
Published
2025-01-23
·
Updated
2026-02-28
·
CVE-2024-55925
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Xerox Workplace Suite versions prior to 5.6.701.9
Description
The issue is an API access-control bypass through header manipulation. In Xerox Workplace Suite, an API restricted to specific hosts can be reached by manipulating the HTTP Host header: the server trusts the client-supplied Host value as evidence of where the request was delivered instead of verifying the actual destination, so an unauthenticated attacker who can reach the server over the network can set Host to a value from the allowed set and gain unauthorized access. The root cause is improper host validation, which exposes API endpoints that were meant to be reachable only from specific hosts.
Recommendations
Xerox Workplace Suite versions prior to 5.6.701.9 should update to version 5.6.701.9 or later to resolve the issue.
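The bypass described above, illustrated with an added example that is not Xerox code and makes no claim about how the product implements its check: a host-restriction check that trusts the Host header, beside one that decides on the connection's real peer address. The endpoint path, the allowlist, the peer networks and the addresses are hypothetical, and the request is constructed rather than captured.

```python
"""Added example (not Xerox code): a host-restricted API check that trusts the
client-supplied HTTP Host header, beside one that decides on facts the client
cannot forge. Path, allowlist, peer networks and addresses are hypothetical."""
import ipaddress
from dataclasses import dataclass

# Hypothetical policy: the restricted API is meant for local callers only.
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "::1"}
ALLOWED_PEERS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]


@dataclass
class Request:
    method: str
    path: str
    headers: dict
    peer_ip: str   # remote address reported by the accepted socket
    local_ip: str  # address the server accepted the connection on


def parse_request(raw: bytes, peer_ip: str, local_ip: str) -> Request:
    """Minimal HTTP/1.1 request-line and header parser (body ignored)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return Request(method, path, headers, peer_ip, local_ip)


def host_without_port(host: str) -> str:
    """'localhost:8443' -> 'localhost'; '[::1]:8443' -> '::1'."""
    host = host.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal
        return host[1:host.find("]")]
    return host.rsplit(":", 1)[0] if ":" in host else host


def vulnerable_is_allowed(req: Request) -> bool:
    """Vulnerable pattern: Host is client-controlled data, so any remote
    caller can set it to a value from the allowlist and pass this check."""
    return host_without_port(req.headers.get("host", "")) in ALLOWED_HOSTS


def hardened_is_allowed(req: Request) -> bool:
    """Hardened pattern: authorise on the socket's peer address, which a remote
    client cannot forge over TCP; Host is only a routing sanity check."""
    try:
        peer = ipaddress.ip_address(req.peer_ip)
    except ValueError:
        return False
    if not any(peer in net for net in ALLOWED_PEERS):
        return False
    return host_without_port(req.headers.get("host", "")) in ALLOWED_HOSTS


# Constructed request (not captured traffic). The same bytes are evaluated
# twice; only the connection metadata the server learns from its socket differs.
RAW_REQUEST = b"GET /api/internal/config HTTP/1.1\r\nHost: localhost\r\n\r\n"


def evaluate() -> dict:
    """Run both checks on a genuine local call and on a remote call whose
    Host header claims to be local (TEST-NET addresses, hypothetical)."""
    local = parse_request(RAW_REQUEST, peer_ip="127.0.0.1", local_ip="127.0.0.1")
    forged = parse_request(RAW_REQUEST, peer_ip="203.0.113.7", local_ip="198.51.100.10")
    return {
        "vulnerable_local": vulnerable_is_allowed(local),
        "vulnerable_forged": vulnerable_is_allowed(forged),  # True: the bypass
        "hardened_local": hardened_is_allowed(local),
        "hardened_forged": hardened_is_allowed(forged),  # False: refused
    }


if __name__ == "__main__":
    for name, allowed in evaluate().items():
        print(f"{name:18} -> {'ALLOWED' if allowed else 'DENIED'}")
```

The point of the hardened variant is that the authorization decision rests on something the client cannot choose: the peer address of the accepted connection, a bound loopback-only listener, or an authenticated identity. A Host allowlist is still useful against DNS rebinding and virtual-host confusion, but it must never be the thing that grants access. To verify a deployment, send the restricted endpoint a request from a host outside the allowed set with the Host header set to an allowed value; a fixed server refuses it regardless of that header.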
Fix
Improper Authentication
Authentication Bypass by Spoofing
Related Identifiers
Affected Products
Xerox Workplace Suite