CVE-2024-21984
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
5.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8
are susceptible to a difficult to exploit Reflected Cross-Site Scripting
(XSS) vulnerability. Successful exploit requires the attacker to know
specific information about the target instance and trick a privileged
user into clicking a specially crafted link. This could allow the
attacker to view or modify configuration settings or add or modify user
accounts.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "StorageGRID",
"vendor": "NetApp",
"versions": [
{
"lessThan": "11.8",
"status": "affected",
"version": "0",
"versionType": "general availability"
}
]
}
]Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
5.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%