Xerox Workplace Suite Host Header Injection Vulnerability Allowing API Security Bypass

Vulnerability

A vulnerability in Xerox Workplace Suite allows for an API security bypass by manipulating the Host header. The issue arises when the server trusts the Host header without properly validating it, enabling an attacker to forge a value and gain unauthorized access to sensitive API endpoints. The vulnerability affects Xerox Workplace Suite versions prior to 5.6.701.9.
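The page does not describe how Workplace Suite uses the Host header, so the following added example (not Xerox code) illustrates the general class only: a hypothetical weak check that treats the Host value as proof of origin, beside a strict allowlist check of the kind a reverse proxy or application gateway can enforce. The hostnames, port set and function names are assumptions.

```python
# Added illustration of Host header validation; hypothetical, not Xerox code.
from typing import Iterable, Optional, Tuple

ALLOWED_HOSTS = {"print.example.internal"}  # constructed: names this deployment serves
ALLOWED_PORTS = {None, 443}                 # None means no explicit port in the header


def trusts_host_header(host: str) -> bool:
    """Weak pattern: a client-supplied value is treated as proof of local origin."""
    return host.split(":")[0] in ("localhost", "127.0.0.1")


def normalize_host(raw: str) -> Optional[Tuple[str, Optional[int]]]:
    """Return (hostname, port), or None if the header value is malformed."""
    value = raw.strip().lower()
    if not value or any(c in value for c in " \t/@\\,"):
        return None
    name, sep, port = value.rpartition(":")
    if not sep or value.endswith("]"):      # no port given, or a bare IPv6 literal
        name, port = value, ""
    if port and not port.isdecimal():
        return None
    return name.rstrip("."), (int(port) if port else None)


def host_is_acceptable(host_headers: Iterable[str]) -> bool:
    """Strict check: exactly one Host header, exact match against the allowlist."""
    headers = list(host_headers)
    if len(headers) != 1:                   # missing or duplicated header
        return False
    parsed = normalize_host(headers[0])
    if parsed is None:
        return False
    name, port = parsed
    return name in ALLOWED_HOSTS and port in ALLOWED_PORTS


def authorize_api_request(host_headers: Iterable[str], has_valid_session: bool) -> bool:
    """The Host header only gates routing; access still requires authentication."""
    return host_is_acceptable(host_headers) and has_valid_session
```

Requests rejected by `host_is_acceptable` are also worth logging, since an unexpected Host value on an API path is a useful detection signal.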

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive API endpoints, potentially allowing attackers to interact with the API in ways that could compromise the application or its data.

Remediation

Users can upgrade to Xerox Workplace Suite version 5.6.701.9 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.