CVE-2021-28668
CRITICALXerox AltaLink B80xx/C80xx < 103.008.020.23120 - SQL Injection
Title source: llmDescription
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf
Scores
CVSS v3
9.8
EPSS
0.0098
EPSS Percentile
58.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (10)
xerox/altalink_b8045_firmware
< 103.008.020.23120
xerox/altalink_b8055_firmware
< 103.008.020.23120
xerox/altalink_b8065_firmware
< 103.008.020.23120
xerox/altalink_b8075_firmware
< 103.008.020.23120
xerox/altalink_b8090_firmware
< 103.008.020.23120
xerox/altalink_c8030_firmware
< 103.001.020.23120
xerox/altalink_c8035_firmware
< 103.001.020.23120
xerox/altalink_c8045_firmware
< 103.002.020.23120
xerox/altalink_c8055_firmware
< 103.002.020.23120
xerox/altalink_c8070_firmware
< 103.003.020.23120
Published
Mar 29, 2021
Tracked Since
Feb 18, 2026