PrinterlogicCVEs & Vulnerabilities

62 CVEs affecting Printerlogic products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

virtual appliance 50vasion print 49web stack 18print management 3windows client 1
CVE-2025-27637MEDIUM

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Cross-Site Scripting V-2024-016.

5 Mar 2025
6.1
CVSS
CVE-2022-32427HIGH

PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content. This issue has been resolved in PrinterLogic Windows Client 25.0.0688 and all affected are advised to upgrade.

25 Aug 2022
8.8
CVSS
CVE-2021-42642HIGH

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the plaintext console username and password for a printer.

2 Feb 2022
7.5
CVSS
CVE-2021-42641HIGH

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users.

2 Feb 2022
7.5
CVSS
CVE-2021-42640CRITICAL

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer.

2 Feb 2022
9.1
CVSS
CVE-2021-42639MEDIUM

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. Attacker controlled input is reflected back in the page without sanitization.

2 Feb 2022
6.1
CVSS
CVE-2021-42637CRITICAL

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability.

2 Feb 2022
9.8
CVSS
CVE-2021-42633MEDIUM

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to SQL Injection, which may allow an attacker to access additional audit records.

2 Feb 2022
5.3
CVSS
CVE-2021-42638HIGH

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution.

2 Feb 2022
8.1
CVSS
CVE-2021-42635HIGH

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution.

31 Jan 2022
8.1
CVSS
CVE-2021-42631HIGH

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading to pre-auth remote code execution.

31 Jan 2022
8.1
CVSS
CVE-2019-9505CRITICAL

The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges.

8 May 2019
9.8
CVSS
CVE-2018-5409CRITICAL

The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and executes the code without sufficiently verifying the origin and integrity of the code. An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.

8 May 2019
9.8
CVSS
CVE-2018-5408HIGH

The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not validate, or incorrectly validates, the PrinterLogic management portal's SSL certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.

8 May 2019
7.4
CVSS
← PrevPage 2 / 2Next →