Cross-Site Scripting Vulnerability in RSA NetWitness Web Interface

CVE-2024-23169

Summary

The web interface of RSA NetWitness version 11.7.2.0 is susceptible to a Cross-Site Scripting (XSS) vulnerability. This issue arises during the creation of new rules within the Reports screen, specifically through the input field labeled 'Where.' Attackers can exploit this vulnerability to inject arbitrary scripts, which may lead to unauthorized data access, session hijacking, or the execution of malicious actions in the context of the user's session. It is crucial for users and administrators of RSA NetWitness to be aware of this vulnerability and apply necessary precautions to mitigate potential exploitation.

References