- Vulnerability/
- ZDI-CAN-24696
ZDI-CAN-24696: ZDI-24-1661: Veritas Enterprise Vault HTMLView Cross-Site Scripting Vulnerability
First published: Wed Dec 11 2024(Updated: )
This vulnerability allows remote attackers to execute web requests with the target user's privileges on affected installations of Veritas Enterprise Vault. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2024-52942.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Enterprise Vault |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-CAN-24696?
The severity of ZDI-CAN-24696 is critical due to the potential for remote code execution.
How do I fix ZDI-CAN-24696?
To fix ZDI-CAN-24696, update Veritas Enterprise Vault to the latest version provided by the vendor.
What are the potential impacts of ZDI-CAN-24696?
The potential impacts of ZDI-CAN-24696 include unauthorized access to user privileges and possible data compromise.
Who is affected by ZDI-CAN-24696?
ZDI-CAN-24696 affects installations of Veritas Enterprise Vault where user interaction can be triggered.
What type of attack does ZDI-CAN-24696 facilitate?
ZDI-CAN-24696 facilitates remote attacks that allow execution of web requests with the target user's privileges.
- collector/zdi-published
- source/ZDI
- alias/ZDI-CAN-24696
- agent/title
- agent/references
- agent/severity
- agent/last-modified-date
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/veritas
- canonical/symantec enterprise vault