Lucene search

VmwareCVELIST:CVE-2024-22277

HistoryJul 04, 2024 - 1:21 p.m.

CVE-2024-22277

2024-07-0413:21:17

vmware

www.cve.org

vmware

cloud director

html injection

vulnerability

replication tasks

network access

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

EPSS

Percentile

9.1%

JSON

VMware Cloud Director Availability contains an HTML injection vulnerability.
A
malicious actor with network access to VMware Cloud Director
Availability can craft malicious HTML tags to execute within replication
tasks.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "VMware Cloud Director Availability",
    "vendor": "N/A",
    "versions": [
      {
        "status": "affected",
        "version": "VMware Cloud Director Availability 4.x"
      }
    ]
  }
]

References

support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24557

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-22277