CVE-2010-3107 — Iprint vulnerability

CWE-2643 documents3 sources

Severity

7.1HIGHNVD

EPSS

3.4%

top 12.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Iprint

Timeline

PublishedAug 23

Latest updateMay 17

Description

A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a "logic flaw" in the CleanUploadFiles method in the nipplib.dll module.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

▶NVDnovell/iprint5.40+13

Patches

Patch: download.novell.com ↗Patch: dvlabs.tippingpoint.com ↗Patch: download.novell.com ↗

🔴Vulnerability Details

GHSA

GHSA-3qx8-4pqg-rc5h: A certain ActiveX control in ienipp↗2022-05-17

▶

CVEList

CVE-2010-3107: A certain ActiveX control in ienipp↗2010-08-23

▶