Xerox recently patched two critical vulnerabilities in its FreeFlow Core print orchestration platform, which could allow remote attackers to execute arbitrary code. The flaws primarily affect organizations involved in large-scale printing and prepress workflows, increasing the risk of data breaches and system compromise.
Key points
- Xerox patched two vulnerabilities in its FreeFlow Core platform—an XXE injection and a path traversal issue.
- Exploiting the security flaws could enable unauthenticated, remote attackers to execute arbitrary code.
- The vulnerabilities were disclosed by Horizon3 and fixed in version 8.0.5 released on August 8.
- FreeFlow Core is used in organizations like universities, government agencies, and marketing firms with large printing needs.
- The platform’s open access nature makes it an attractive target for attackers seeking to access sensitive pre-public information.