Email Alerts Security Vulnerability
CVE-2024-31946

4.2MEDIUM

Key Information:

Vendor: Stormshield Network Security
Vendor: CVE Published:; 15 July 2024

🔔 Create Stormshield Network Security Vulnerability Alert

What is CVE-2024-31946?

An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.41, 3.10.0 through 3.11.29, 4.0 through 4.3.24, and 4.4.0 through 4.7.4. A user who has access to the SNS with write access on the email alerts page has the ability to create alert email containing malicious JavaScript, executed by the template preview. The following versions fix this: 3.7.42, 3.11.30, 4.3.25, and 4.7.5.

References

https://advisories.stormshield.eu/2024-007

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2024

CVE-2024-31946 Data

JSON