5.3

CVE-2024-6398

EPSS 0.07%
Veröffentlicht 15.07.2024 09:15:02
Zuletzt bearbeitet 21.11.2024 09:49:34
Quelle trellixpsirt@trellix.com
CVE-Watchlists
Login
Unerledigt
Login

An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios. The risk is low, because other recommended default security policies such as URL categorization and GTI are in place in most policies to block access to uncategorized/high risk websites. Any information disclosed depends on how the customers have customized the block pages.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Skyhighsecurity ≫ Secure Web Gateway Version >= 11.0.0 < 11.2.24

Skyhighsecurity ≫ Secure Web Gateway Version >= 12.0.0 < 12.2.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.217

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
trellixpsirt@trellix.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://thrive.trellix.com/s/article/000013694

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2024-6398

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6398

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6398

EUVD