CVE-2024-9101 (GCVE-0-2024-9101)

Vulnerability from cvelistv5 – Published: 2024-12-19 13:41 – Updated: 2024-12-20 20:20
VLAI?
Title
phpLDAPadmin: Reflected Cross-Site Scripting in entry_chooser.php
Summary
A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.
Severity ?
2.1 (Low)
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
Vendor Product Version
phpLDAPadmin phpLDAPadmin Affected: 1.2.1
Affected: 1.2.6.7
Create a notification for this product.
Credits
Andreas Pfefferle, Redguard AG
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9101",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-20T20:20:12.468228Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-20T20:20:24.165Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/leenooks/phpLDAPadmin/releases",
          "defaultStatus": "affected",
          "platforms": [
            "All platforms supporting phpLDAPadmin"
          ],
          "product": "phpLDAPadmin",
          "programFiles": [
            "htdocs/entry_chooser.php"
          ],
          "repo": "https://github.com/leenooks/phpLDAPadmin",
          "vendor": "phpLDAPadmin",
          "versions": [
            {
              "status": "affected",
              "version": "1.2.1"
            },
            {
              "status": "affected",
              "version": "1.2.6.7"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Andreas Pfefferle, Redguard AG"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A reflected cross-site scripting (XSS) vulnerability in the \u0027Entry Chooser\u0027 of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user\u0027s browser via the \u0027element\u0027 parameter, which is unsafely passed to the JavaScript \u0027eval\u0027 function. However, exploitation is limited to specific conditions where \u0027opener\u0027 is correctly set."
            }
          ],
          "value": "A reflected cross-site scripting (XSS) vulnerability in the \u0027Entry Chooser\u0027 of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user\u0027s browser via the \u0027element\u0027 parameter, which is unsafely passed to the JavaScript \u0027eval\u0027 function. However, exploitation is limited to specific conditions where \u0027opener\u0027 is correctly set."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Allows execution of arbitrary JavaScript in the user\u0027s browser."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T13:41:06.610Z",
        "orgId": "455daabc-a392-441d-aa46-37d35189897c",
        "shortName": "NCSC.ch"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/"
        },
        {
          "url": "https://github.com/leenooks/phpLDAPadmin/commit/f713afc8d164169516c91b0988531f2accb9bce6#diff-c2d6d7678ada004e704ee055169395a58227aaec86a6f75fa74ca18ff49bca44R27"
        },
        {
          "url": "https://github.com/leenooks/phpLDAPadmin/blob/master/htdocs/entry_chooser.php"
        },
        {
          "url": "https://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.1/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "It is recommended to avoid using the \u003ctt\u003eeval()\u003c/tt\u003e function, especially in combination with user-supplied input. Instead of using \u003ctt\u003eeval()\u003c/tt\u003e, it is advised to access the DOM element directly in a safe manner.\u003cbr\u003e"
            }
          ],
          "value": "It is recommended to avoid using the eval() function, especially in combination with user-supplied input. Instead of using eval(), it is advised to access the DOM element directly in a safe manner."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "phpLDAPadmin: Reflected Cross-Site Scripting in entry_chooser.php",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
    "assignerShortName": "NCSC.ch",
    "cveId": "CVE-2024-9101",
    "datePublished": "2024-12-19T13:41:06.610Z",
    "dateReserved": "2024-09-23T13:40:38.311Z",
    "dateUpdated": "2024-12-20T20:20:24.165Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A reflected cross-site scripting (XSS) vulnerability in the \u0027Entry Chooser\u0027 of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user\u0027s browser via the \u0027element\u0027 parameter, which is unsafely passed to the JavaScript \u0027eval\u0027 function. However, exploitation is limited to specific conditions where \u0027opener\u0027 is correctly set.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en el \u0027Entry Chooser\u0027 de phpLDAPadmin (versi\\u00f3n 1.2.1 hasta la \\u00faltima versi\\u00f3n, 1.2.6.7) permite a los atacantes ejecutar c\\u00f3digo JavaScript arbitrario en el navegador del usuario a trav\\u00e9s del par\\u00e1metro \u0027element\u0027, que se pasa de forma no segura a la funci\\u00f3n \u0027eval\u0027 de JavaScript. Sin embargo, la explotaci\\u00f3n se limita a condiciones espec\\u00edficas en las que \u0027opener\u0027 est\\u00e1 configurado correctamente.\"}]",
      "id": "CVE-2024-9101",
      "lastModified": "2024-12-19T14:15:06.147",
      "metrics": "{\"cvssMetricV40\": [{\"source\": \"vulnerability@ncsc.ch\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 2.1, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"ACTIVE\", \"vulnerableSystemConfidentiality\": \"LOW\", \"vulnerableSystemIntegrity\": \"LOW\", \"vulnerableSystemAvailability\": \"LOW\", \"subsequentSystemConfidentiality\": \"LOW\", \"subsequentSystemIntegrity\": \"LOW\", \"subsequentSystemAvailability\": \"LOW\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}]}",
      "published": "2024-12-19T14:15:06.147",
      "references": "[{\"url\": \"https://github.com/leenooks/phpLDAPadmin/blob/master/htdocs/entry_chooser.php\", \"source\": \"vulnerability@ncsc.ch\"}, {\"url\": \"https://github.com/leenooks/phpLDAPadmin/commit/f713afc8d164169516c91b0988531f2accb9bce6#diff-c2d6d7678ada004e704ee055169395a58227aaec86a6f75fa74ca18ff49bca44R27\", \"source\": \"vulnerability@ncsc.ch\"}, {\"url\": \"https://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.1/\", \"source\": \"vulnerability@ncsc.ch\"}, {\"url\": \"https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/\", \"source\": \"vulnerability@ncsc.ch\"}]",
      "sourceIdentifier": "vulnerability@ncsc.ch",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"vulnerability@ncsc.ch\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-9101\",\"sourceIdentifier\":\"vulnerability@ncsc.ch\",\"published\":\"2024-12-19T14:15:06.147\",\"lastModified\":\"2024-12-19T14:15:06.147\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A reflected cross-site scripting (XSS) vulnerability in the \u0027Entry Chooser\u0027 of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user\u0027s browser via the \u0027element\u0027 parameter, which is unsafely passed to the JavaScript \u0027eval\u0027 function. However, exploitation is limited to specific conditions where \u0027opener\u0027 is correctly set.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en el \u0027Entry Chooser\u0027 de phpLDAPadmin (versi\u00f3n 1.2.1 hasta la \u00faltima versi\u00f3n, 1.2.6.7) permite a los atacantes ejecutar c\u00f3digo JavaScript arbitrario en el navegador del usuario a trav\u00e9s del par\u00e1metro \u0027element\u0027, que se pasa de forma no segura a la funci\u00f3n \u0027eval\u0027 de JavaScript. Sin embargo, la explotaci\u00f3n se limita a condiciones espec\u00edficas en las que \u0027opener\u0027 est\u00e1 configurado correctamente.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"vulnerability@ncsc.ch\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":2.1,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"vulnerability@ncsc.ch\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://github.com/leenooks/phpLDAPadmin/blob/master/htdocs/entry_chooser.php\",\"source\":\"vulnerability@ncsc.ch\"},{\"url\":\"https://github.com/leenooks/phpLDAPadmin/commit/f713afc8d164169516c91b0988531f2accb9bce6#diff-c2d6d7678ada004e704ee055169395a58227aaec86a6f75fa74ca18ff49bca44R27\",\"source\":\"vulnerability@ncsc.ch\"},{\"url\":\"https://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.1/\",\"source\":\"vulnerability@ncsc.ch\"},{\"url\":\"https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/\",\"source\":\"vulnerability@ncsc.ch\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-9101\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-20T20:20:12.468228Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-20T20:20:19.287Z\"}}], \"cna\": {\"title\": \"phpLDAPadmin: Reflected Cross-Site Scripting in entry_chooser.php\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Andreas Pfefferle, Redguard AG\"}], \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Allows execution of arbitrary JavaScript in the user\u0027s browser.\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 2.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/leenooks/phpLDAPadmin\", \"vendor\": \"phpLDAPadmin\", \"product\": \"phpLDAPadmin\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.2.1\"}, {\"status\": \"affected\", \"version\": \"1.2.6.7\"}], \"platforms\": [\"All platforms supporting phpLDAPadmin\"], \"programFiles\": [\"htdocs/entry_chooser.php\"], \"collectionURL\": \"https://github.com/leenooks/phpLDAPadmin/releases\", \"defaultStatus\": \"affected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"It is recommended to avoid using the eval() function, especially in combination with user-supplied input. Instead of using eval(), it is advised to access the DOM element directly in a safe manner.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"It is recommended to avoid using the \u003ctt\u003eeval()\u003c/tt\u003e function, especially in combination with user-supplied input. Instead of using \u003ctt\u003eeval()\u003c/tt\u003e, it is advised to access the DOM element directly in a safe manner.\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/leenooks/phpLDAPadmin/commit/f713afc8d164169516c91b0988531f2accb9bce6#diff-c2d6d7678ada004e704ee055169395a58227aaec86a6f75fa74ca18ff49bca44R27\"}, {\"url\": \"https://github.com/leenooks/phpLDAPadmin/blob/master/htdocs/entry_chooser.php\"}, {\"url\": \"https://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.1/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A reflected cross-site scripting (XSS) vulnerability in the \u0027Entry Chooser\u0027 of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user\u0027s browser via the \u0027element\u0027 parameter, which is unsafely passed to the JavaScript \u0027eval\u0027 function. However, exploitation is limited to specific conditions where \u0027opener\u0027 is correctly set.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A reflected cross-site scripting (XSS) vulnerability in the \u0027Entry Chooser\u0027 of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user\u0027s browser via the \u0027element\u0027 parameter, which is unsafely passed to the JavaScript \u0027eval\u0027 function. However, exploitation is limited to specific conditions where \u0027opener\u0027 is correctly set.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"455daabc-a392-441d-aa46-37d35189897c\", \"shortName\": \"NCSC.ch\", \"dateUpdated\": \"2024-12-19T13:41:06.610Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-9101\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-20T20:20:24.165Z\", \"dateReserved\": \"2024-09-23T13:40:38.311Z\", \"assignerOrgId\": \"455daabc-a392-441d-aa46-37d35189897c\", \"datePublished\": \"2024-12-19T13:41:06.610Z\", \"assignerShortName\": \"NCSC.ch\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.