CVE-2024-51723 Vulnerability Details

  /     /     /  

CVE-2024-51723 Metadata Quick Info

CVE Published: 25/11/2024 | CVE Updated: 25/11/2024 | CVE Year: 2024
Source: blackberry | Vendor: BlackBerry | Product: AtHoc
Status : PUBLISHED

---

CVE-2024-51723 Description

A Stored Cross-Site Scripting (XSS) vulnerability in the Management Console of BlackBerry AtHoc version 7.15 could allow an attacker to potentially execute actions in the context of the victim\'s session.

Metrics

CVSS Version: 3.1 | Base Score: 4.6 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-79
CWE Name: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or Cross-site Scripting )
Source: BlackBerry

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-592
CAPEC Description: CAPEC-592 Stored XSS


Source: NVD (National Vulnerability Database).