    Security vulnerabilities in aQrate

    I. Summary of the security vulnerabilities

    Affected product:
    aQrate

    Description:
    Four security risks were identified for the aQrate web application:

    1. Disclosure of user information: In environments where aQrate is used, non-administrators may obtain usernames and passwords managed by the aQrate Print Server.
    2. Print Server file list disclosure: In environments where aQrate is used via the browser, the directory structure of the aQrate Print Server and Central Server can be viewed.
    3. User information disclosure: In environments where aQrate is used, non-administrators can access the user list managed by the aQrate Print Server and Central Server via the API.
    4. Remote code execution: In environments where aQrate is used, code can be executed remotely on the Print Server without privileges (CVE-2021-31769).

    At the time of this publication, we are not aware of any attacks that exploit these vulnerabilities.

    II. Solution description

    The IT security of customers is a top priority for Utax. Updated software is available to close the security gaps. For the greatest possible protection, we recommend updating to the latest version 8.2 (Print Server/Central Server).