Lexmark MarkVision Enterprise ReportDownloadServlet Information Disclosure

Medium Nessus Plugin ID 80555


The remote web application is affected by an information disclosure vulnerability.


Nessus was able to exploit an information disclosure vulnerability in Lexmark MarkVision Enterprise due to improper handling of user input to the 'ReportDownloadServlet' servlet. A remote, unauthenticated attacker can exploit this issue to read arbitrary files


Upgrade to Lexmark MarkVision Enterprise 2.1.0 or later.

See Also



Plugin Details

Severity: Medium

ID: 80555

File Name: lexmark_markvision_cve_2014_8742.nasl

Version: $Revision: 1.3 $

Type: remote

Family: Misc.

Published: 2015/01/15

Modified: 2015/09/24

Dependencies: 66326

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:lexmark:markvision

Required KB Items: www/lexmark_markvision_enterprise

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 2014/12/09

Vulnerability Publication Date: 2014/12/09

Reference Information

CVE: CVE-2014-8742

BID: 71625

OSVDB: 115623