{"api_version":"1","generated_at":"2026-04-23T14:03:09+00:00","cve":"CVE-2023-4568","urls":{"html":"https://cve.report/CVE-2023-4568","api":"https://cve.report/api/cve/CVE-2023-4568.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-4568","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-4568"},"summary":{"title":"CVE-2023-4568","description":"PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.","state":"PUBLIC","assigner":"vulnreport@tenable.com","published_at":"2023-09-13 21:15:00","updated_at":"2023-09-15 16:20:00"},"problem_types":["CWE-287"],"metrics":[],"references":[{"url":"https://www.tenable.com/security/research/tra-2023-31","name":"https://www.tenable.com/security/research/tra-2023-31","refsource":"MISC","tags":[],"title":"PaperCut NG Unauthenticated XMLRPC Functionality - Research Advisory | Tenable®","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-4568","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4568","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"4568","vulnerable":"1","versionEndIncluding":"22.0.12","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"papercut","cpe5":"papercut_ng","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-4568","qid":"150728","title":"PaperCut NG/MF Unauthenticated XMLRPC Functionality (CVE-2023-4568)"},{"cve":"CVE-2023-4568","qid":"731058","title":"PaperCut NG/MF XMLRPC Improper Access Control Vulnerability"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-4568","ASSIGNER":"vulnreport@tenable.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-287 Improper Authentication","cweId":"CWE-287"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"PaperCut","product":{"product_data":[{"product_name":"PaperCut NG","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"status":"unknown","version":"0"}],"defaultStatus":"unaffected"}}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.tenable.com/security/research/tra-2023-31","refsource":"MISC","name":"https://www.tenable.com/security/research/tra-2023-31"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","version":"3.1"}]}},"nvd":{"publishedDate":"2023-09-13 21:15:00","lastModifiedDate":"2023-09-15 16:20:00","problem_types":["CWE-287"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":2.5}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*","versionEndIncluding":"22.0.12","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}