Design/Logic Flaw

2024-02-2901:40:00

PRIOn knowledge base

www.prio-n.com

stormshield network security

sns

versions 3.7.0-4.6.8

design flaw

logic flaw

data theft

malicious javascript

7.3 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a login disclaimer with malicious JavaScript elements that can result in data theft.

References

advisories.stormshield.eu/2023-020/