Vasion Print
Moderate fix1 remedy
Moderate fix1 remedy
- < 25.1.102
Vasion Print Unauthenticated API Group Enumeration Vulnerability
Vulnerability
Patched
An unauthenticated API vulnerability has been identified in Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413, specifically in VA/SaaS deployments. The vulnerability exists in the '/api-gateway/identity/search-groups' endpoint, which lacks authentication, allowing remote attackers to enumerate group objects for a tenant. The exposed information includes internal identifiers such as group IDs, source service IDs, Azure AD object IDs, creation timestamps, and tenant IDs.
Impact
Exploitation of this vulnerability allows for unauthorized group enumeration, potentially leading to information disclosure of internal identifiers associated with each group.
Remediation
Users can update to Vasion Print Virtual Appliance Host version 25.1.102 or later and Application version 25.1.1413 or later. For Vasion Print (formerly PrinterLogic), the Windows Client should be updated to version 25.0.0.897 or later.
Added: Sep 29, 2025, 10:03 PM
Updated: Sep 29, 2025, 10:03 PM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
0.6exploitability
8.4remediation
0.0relevance
0.6threat
4.8urgency
2.9incentive
5.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.