- Vulnerability/
- ZDI-CAN-24695
ZDI-CAN-24695: ZDI-24-1662: Veritas Enterprise Vault MobileHTMLView Cross-Site Scripting Vulnerability
First published: Wed Dec 11 2024(Updated: )
This vulnerability allows remote attackers to execute web requests with the target user's privileges on affected installations of Veritas Enterprise Vault. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2024-52941.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Enterprise Vault |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-CAN-24695?
The severity of ZDI-CAN-24695 is categorized as high due to its ability to allow remote code execution with user privileges.
What products are affected by ZDI-CAN-24695?
ZDI-CAN-24695 affects installations of Veritas Enterprise Vault.
How do I fix ZDI-CAN-24695?
To fix ZDI-CAN-24695, apply the latest security patches provided by Veritas for Enterprise Vault.
What type of attack does ZDI-CAN-24695 enable?
ZDI-CAN-24695 enables remote attackers to execute web requests using the target user's privileges.
Is user interaction required to exploit ZDI-CAN-24695?
Yes, user interaction is required for ZDI-CAN-24695, as the target must visit a malicious page to be exploited.
- collector/zdi-published
- source/ZDI
- alias/ZDI-CAN-24695
- agent/title
- agent/references
- agent/severity
- agent/last-modified-date
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/veritas
- canonical/symantec enterprise vault