CVE-2024-1621

moderate-risk
Published 2024-09-02

The registration process of uniFLOW Online (NT-ware product) apps, prior to and including version 2024.1.0, can be compromised when email login is enabled on the tenant. Those tenants utilising email login in combination with Microsoft Safe Links or similar are impacted. This vulnerability may allow the attacker to register themselves against a genuine user in the system and allow malicious users with similar access and capabilities via the app to the existing genuine user.

Do I need to act?

-
0.32% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (6)

Uniflow Online
Uniflow Online
Uniflow Online Print \& Scan
Uniflow Online Print \& Scan
Uniflow Smartclient
Uniflow Smartclient

Affected Vendors

Nt-Ware

References (2)

Vendor Advisory https://ntware.atlassian.net/wiki/spaces/SA/pages/12113215492/2024+Security+Advi...
Vendor Advisory https://www.canon-europe.com/psirt/advisory-information/
40
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 13/34 · Low