CVE-2022-42909

Description

WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don´t own and print hem without authorization. In order to exploit this vulnerability, the user must have an account with wepanow.com or any of the institutions they serve, and be logged in.

Remediation

Solution:

  • The vulnerability has already been fixed by the WEPA security team.

Categories

6.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.07%
Third-Party Advisory enrique.wtf Third-Party Advisory incibe-cert.es
Affected: WEPA Wepa Print Away
Published at:
Updated at:

References

Link Tags
https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-wepa-print-away third party advisory
https://enrique.wtf/CVE-2022-42909 third party advisory

Frequently Asked Questions

What is the severity of CVE-2022-42909?
CVE-2022-42909 has been scored as a medium severity vulnerability.
How to fix CVE-2022-42909?
To fix CVE-2022-42909: The vulnerability has already been fixed by the WEPA security team.
Is CVE-2022-42909 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-42909 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-42909?
CVE-2022-42909 affects WEPA Wepa Print Away.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.