CVE-2024-55928

Medium

Published: 23 January 2025

Published

23 January 2025

Modified

28 February 2026

KEV Added

—

Patch

—

CVSS Score 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0016 36.5th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Description

Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption

Security Summary

CVE-2024-55928 is a vulnerability in Xerox Workplace Suite that exposes sensitive secrets in clear text, both locally and remotely, allowing attackers to intercept or access them without encryption. Classified under CWE-312 (Cleartext Storage of Sensitive Information), it carries a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), reflecting medium severity primarily due to high confidentiality impact.

The vulnerability can be exploited by attackers with low privileges, such as authenticated users, over the network with low complexity and no user interaction required. Successful exploitation enables high-impact disclosure of sensitive secrets, potentially compromising confidentiality without affecting integrity or availability.

Mitigation details are provided in the Xerox Security Bulletin XRX25-002, available at https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-WorkplaceSuite%C2%AE.pdf. The CVE was published on 2025-01-23T18:15:32.100.

Details

CWE(s): CWE-312

Affected Products

xerox

workplace suite

≤ 5.6.701.9

References

https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-WorkplaceSuite%C2%AE.pdf
Vendor Advisory · 10b61619-3869-496c-8a1e-f291b0e71e3f