CVE-2022-42909
MEDIUMWEPA Print Away - Authenticated Missing Authorization for Document Print Orders
Title source: llmDescription
WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don´t own and print hem without authorization. In order to exploit this vulnerability, the user must have an account with wepanow.com or any of the institutions they serve, and be logged in.
References (2)
Core 2
Core References
Third Party Advisory
https://enrique.wtf/CVE-2022-42909
Scores
CVSS v3
6.5
EPSS
0.0036
EPSS Percentile
28.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
CWE-862
Status
published
Products (1)
wepanow/print_away
Published
Feb 03, 2023
Tracked Since
Feb 18, 2026