Lucene search

[email protected]NVD:CVE-2024-22241

HistoryFeb 06, 2024 - 8:16 p.m.

CVE-2024-22241

2024-02-0620:16:04

CWE-79

[email protected]

web.nvd.nist.gov

network security

cross site scripting

admin privileges

user account takeover

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.8%

JSON

Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account.

Affected configurations

NVD

Node

vmwarearia_operations_for_networksRange6.0.0–6.12.0

References

www.vmware.com/security/advisories/VMSA-2024-0002.html