2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
65.8%
Samba Web Administration Tool (SWAT) allows for Samba configuration through a web interface. SWAT contains a cross-site scripting vulnerability.
SWAT is disabled in a default configuration of Samba.
An arbitrary script may be executed on the web browser of a user that is logged into SWAT.
According to the developer, this vulnerability is exploitable only if JVN#29529126 is not addressed.
Update the software
Update to the latest version of Samba or apply the appropriate patch according to the information provided by the developer.
Samba Web Administration Tool (SWAT) contained in the following Samba versions are affected: