CVE-2024-6051

Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK in specific situations allows local code injection and to manipulate the view of a vulnerable application.This issue affects Redlink SDK versions through 1.13.

CVSS

No CVSS.

References

Link	Resource
https://cert.pl/en/posts/2024/09/CVE-2024-6051/
https://cert.pl/posts/2024/09/CVE-2024-6051/

Configurations

No configuration.

History

04 Oct 2024, 13:51

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de secuencias de comandos entre aplicaciones en el SDK de Vercom SA Redlink en situaciones específicas permite la inyección de código local y la manipulación de la vista de una aplicación vulnerable. Este problema afecta a las versiones del SDK de Redlink hasta la 1.13.

30 Sep 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-30 13:15

Updated : 2024-10-04 13:51

NVD link : CVE-2024-6051

Mitre link : CVE-2024-6051

CVE.ORG link : CVE-2024-6051

JSON object : View

Products Affected

No product.

CWE

CWE-99

Improper Control of Resource Identifiers ('Resource Injection')

{"id": "CVE-2024-6051", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "USER", "baseScore": 4.3, "automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Clear", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "CLEAR", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "LOW", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-09-30T13:15:02.800", "references": [{"url": "https://cert.pl/en/posts/2024/09/CVE-2024-6051/", "source": "cvd@cert.pl"}, {"url": "https://cert.pl/posts/2024/09/CVE-2024-6051/", "source": "cvd@cert.pl"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-99"}]}], "descriptions": [{"lang": "en", "value": "Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK\u00a0in specific situations allows local code injection and to manipulate the view of a vulnerable application.This issue affects Redlink SDK versions through 1.13."}, {"lang": "es", "value": "La vulnerabilidad de secuencias de comandos entre aplicaciones en el SDK de Vercom SA Redlink en situaciones espec\u00edficas permite la inyecci\u00f3n de c\u00f3digo local y la manipulaci\u00f3n de la vista de una aplicaci\u00f3n vulnerable. Este problema afecta a las versiones del SDK de Redlink hasta la 1.13."}], "lastModified": "2024-10-04T13:51:25.567", "sourceIdentifier": "cvd@cert.pl"}