CVE-2024-1606

CVSS 3.1 Score 4.6 of 10 (medium)

Details

Published Mar 18, 2024
CWE ID 80

Summary

CVE-2024-1606 is a vulnerability affecting BMC Control-M versions 9.0.20 and 9.0.21. It is categorized as CWE-80, which refers to the improper neutralization of script-related HTML tags in a web page. The lack of input sanitization allows logged-in users to manipulate generated web pages by injecting HTML code, potentially leading to successful phishing attacks by tricking users into accessing malicious websites. The fix for the 9.0.20 branch is available in version 9.0.20.238, while the fix for the 9.0.21 branch is available in version 9.0.21.200. The vulnerability has a base severity rating of MEDIUM and requires low privileges and user interaction for exploitation, with a network attack vector and low impacts on integrity and confidentiality.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-1606 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options