What is the Xerox CNA?
Xerox is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 19 CVE records since 2024.
How many CVEs has Xerox published?
Xerox has published 19 CVE records, including 19 in the last two years.
What is Xerox's CVE data quality grade?
RadicalNotion.AI grades Xerox's CVE data quality as A, with an overall completeness score of 100%. This reflects how consistently its CVE records include vendor (100%), product (100%), CVSS (100%), and CWE (100%) information.
What products does Xerox publish CVEs for?
Xerox most frequently publishes CVEs for FreeFlow Core, workplace suite, Xerox Workplace Suite, freeflow_core, Versalink B405.
Which vendors does Xerox cover?
Xerox publishes CVEs across 2 distinct vendors, most often Xerox, microsoft.
Is Xerox actively publishing CVEs?
Xerox is currently active, based on 19 CVEs in the last two years.
What is the average severity of Xerox's CVEs?
The average CVSS base score across Xerox's scored CVEs is 7.2.
How many critical CVEs has Xerox published?
Xerox has published 2 critical-severity CVEs and 12 high-severity CVEs.
Are any of Xerox's CVEs in CISA's Known Exploited Vulnerabilities catalog?
No. None of Xerox's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
What are the most common weakness types in Xerox's CVEs?
Xerox's CVEs most often map to these CWE weakness types: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')), CWE-611 (Improper Restriction of XML External Entity Reference), CWE-306 (Missing Authentication for Critical Function), CWE-290 (Authentication Bypass by Spoofing).
How does Xerox rank among CNAs?
By total CVE volume, Xerox ranks #247 of 370 CNAs, and it reports more complete CVE records than 60% of all CNAs.
