{"api_version":"1","generated_at":"2026-04-23T14:01:28+00:00","cve":"CVE-2019-12135","urls":{"html":"https://cve.report/CVE-2019-12135","api":"https://cve.report/api/cve/CVE-2019-12135.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-12135","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-12135"},"summary":{"title":"CVE-2019-12135","description":"An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19.0.3 and earlier allows remote attackers to execute arbitrary code via an unspecified vector.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2019-06-06 17:29:00","updated_at":"2020-08-24 17:37:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.papercut.com/products/ng/release-history/","name":"https://www.papercut.com/products/ng/release-history/","refsource":"CONFIRM","tags":["Release Notes","Vendor Advisory"],"title":"Release History","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.papercut.com/products/mf/release-history/","name":"https://www.papercut.com/products/mf/release-history/","refsource":"CONFIRM","tags":["Release Notes","Vendor Advisory"],"title":"PaperCut MF - Release History | PaperCut","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-12135","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12135","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"12135","vulnerable":"1","versionEndIncluding":"18.3.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"papercut","cpe5":"papercut_mf","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"12135","vulnerable":"1","versionEndIncluding":"19.0.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"papercut","cpe5":"papercut_mf","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"12135","vulnerable":"1","versionEndIncluding":"18.3.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"papercut","cpe5":"papercut_ng","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"12135","vulnerable":"1","versionEndIncluding":"19.0.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"papercut","cpe5":"papercut_ng","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2019-12135","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19.0.3 and earlier allows remote attackers to execute arbitrary code via an unspecified vector."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://www.papercut.com/products/mf/release-history/","url":"https://www.papercut.com/products/mf/release-history/"},{"refsource":"CONFIRM","name":"https://www.papercut.com/products/ng/release-history/","url":"https://www.papercut.com/products/ng/release-history/"}]}},"nvd":{"publishedDate":"2019-06-06 17:29:00","lastModifiedDate":"2020-08-24 17:37:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*","versionStartIncluding":"19.0.1","versionEndIncluding":"19.0.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*","versionStartIncluding":"19.0.1","versionEndIncluding":"19.0.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*","versionEndIncluding":"18.3.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*","versionEndIncluding":"18.3.8","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"12135","Ordinal":"150460","Title":"CVE-2019-12135","CVE":"CVE-2019-12135","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"12135","Ordinal":"1","NoteData":"An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19.0.3 and earlier allows remote attackers to execute arbitrary code via an unspecified vector.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"12135","Ordinal":"2","NoteData":"2019-06-06","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"12135","Ordinal":"3","NoteData":"2019-06-06","Type":"Other","Title":"Modified"}]}}}