Safety Information:
Security Vulnerabilities in aQrate
I. Summary of Security Vulnerabilities
Affected Product:
aQrate
Description:
Four security risks have been identified in the aQrate web application:
aQrate
Description:
Four security risks have been identified in the aQrate web application:
- Exposure of user information: In environments where aQrate is used, non-administrators can obtain usernames and passwords managed by the aQrate Print Server.
- Exposure of the Print Server file list: In environments where aQrate is used via a browser, the directory structure of the aQrate Print Server and Central Server can be viewed.
- Disclosure of user information: In environments where aQrate is used, non-administrative users can retrieve the user list managed by the aQrate Print Server and Central Server via API.
- Remote code execution: In environments where aQrate is used, remote code can be executed on the Print Server without authorization. CVE-2021-31769
At the time of this publication, we are not aware of any attacks exploiting these vulnerabilities.
II. Solution Description
The IT security of our customers is a top priority for TA Triumph-Adler. Updated software is available to address these security vulnerabilities. For maximum protection, we recommend updating to the latest version 8.2 (Print Server/Central Server).