LiveActive security incident?Get immediate response
CVE Record

CVE-2021-42641: PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Referen...

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2021-42641 is an unauthenticated data disclosure issue in PrinterLogic Web Stack. Affected versions can expose usernames and email addresses for all users. This is not described as code execution, but it can create privacy, phishing, and reconnaissance risk for organizations using affected PrinterLogic deployments.

Executive priority

Prioritize within normal vulnerability management timelines, faster for internet-exposed deployments. The business risk is unauthorized disclosure of employee identifiers that can support phishing and internal targeting.

Technical view

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are reported vulnerable to an IDOR flaw allowing unauthenticated disclosure of user names and email addresses. The source bundle provides no CVSS score, CWE mapping, or detailed vulnerable endpoint information.

Likely exposure

Organizations running PrinterLogic Web Stack at version 19.1.1.13 SP9 or earlier are the relevant exposure group. Internet-facing or broadly reachable deployments have higher practical risk.

Exploitation context

The provided sources do not show CISA KEV listing or confirmed active exploitation. Public reporting discusses PrinterLogic security fixes, but this CVE should be treated specifically as unauthenticated user-data disclosure unless vendor guidance says otherwise.

Researcher notes

Evidence is limited to the CVE description and public references. Do not conflate this CVE with separately reported PrinterLogic RCE issues unless tracking those CVEs independently.

Mitigation direction

  • Identify all PrinterLogic Web Stack deployments and versions.
  • Review PrinterLogic's security bulletin for the supported remediation path.
  • Upgrade affected systems beyond 19.1.1.13 SP9 if vendor guidance confirms the fixed release.
  • Restrict access to PrinterLogic administrative interfaces to trusted networks where possible.
  • Monitor for unusual unauthenticated access patterns against PrinterLogic web endpoints.

Validation and detection

  • Confirm deployed PrinterLogic Web Stack versions are not 19.1.1.13 SP9 or below.
  • Check whether any PrinterLogic service is reachable from the internet.
  • Review access logs for high-volume anonymous user enumeration patterns.
  • Verify remediation status against PrinterLogic's published bulletin.
  • Document residual exposure for any unsupported or delayed upgrades.
Prepared
Confidence
medium
Sources
6

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2021-42641 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
1ADP providers
7Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.