Cross-Site Scripting Vulnerability in RSA NetWitness Web Interface
CVE-2024-23169

4.6 MEDIUM

Key Information:

Vendor
CVE Published: 15 November 2024

What is CVE-2024-23169?

The web interface of RSA NetWitness version 11.7.2.0 is susceptible to a Cross-Site Scripting (XSS) vulnerability. This issue arises during the creation of new rules within the Reports screen, specifically through the input field labeled 'Where.' Attackers can exploit this vulnerability to inject arbitrary scripts, which may lead to unauthorized data access, session hijacking, or the execution of malicious actions in the context of the user's session. It is crucial for users and administrators of RSA NetWitness to be aware of this vulnerability and apply necessary precautions to mitigate potential exploitation.

CVSS V3.1

Score: 4.6
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published
