Primary

Context

RICOH Streamline NX Operation History Tampering Vulnerability

Vulnerability

A vulnerability exists in RICOH Streamline NX versions 3.5.1 to 24R3, allowing for unauthorized modification of operation history. This issue arises from the application directly recording usernames from HTTP request values. If an attacker can execute a man-in-the-middle attack, they could alter these request values, changing the usernames associated with specific operations in the management tool's history.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in the operation history, potentially allowing users to impersonate others by altering recorded usernames.

Remediation

Users are advised to update to the latest version of RICOH Streamline NX. Additionally, enable HTTPS to ensure all communications are encrypted.

Added: Sep 8, 2025, 5:16 AM

Updated: Sep 8, 2025, 5:16 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.0

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.0

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

RICOH Streamline NX Operation History Tampering Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating