Vasion Print Virtual Appliance Host and Application Outdated Vulnerable Components
Vulnerability
Vasion Print Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 contain multiple Docker containers with outdated, end-of-life, unsupported, or vulnerable third-party components. Examples of these components include Nginx 1.17.x, OpenSSL 1.1.1d, various end-of-life Alpine, Debian, and Ubuntu base images, and end-of-life Laravel/PHP libraries. These outdated components, present across many container images, increase the product's attack surface, potentially leading to exploitation chains when leveraged by an attacker.
Impact
The presence of these outdated components can be exploited, especially when combined with other vulnerabilities, to create exploitation chains that could be harmful to the application or its users.
Remediation
Users can update to Vasion Print Virtual Appliance Host v22.0.1002 and Application v20.0.2614, both of which include the necessary updates to address this vulnerability.