RICOH Streamline NX Improper Authorization Vulnerability Allowing User Data Leakage

Vulnerability

An improper authorization vulnerability has been identified in RICOH Streamline NX versions 3.5.1 through 24R3. This vulnerability allows a man-in-the-middle attacker to intercept communication between the user and the application. By sending a crafted request, the attacker could retrieve sensitive information such as the user's registration details and OpenID Connect (OIDC) tokens.

Impact

Exploitation of this vulnerability could lead to unauthorized access to another user's information, including credential IDs, user IDs, user PINs, account balances, and user certificates.

Remediation

Users are advised to update RICOH Streamline NX to the latest version. Until the update is applied, the developer recommends following the provided workaround. For more details, consult the notice on the Ricoh website.

Added: Jan 9, 2026, 8:17 AM
Updated: Jan 9, 2026, 8:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.