A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.
References
Link | Resource |
---|---|
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 | Permissions Required |
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 | Permissions Required |
Configurations
History
21 Nov 2024, 09:26
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 - Permissions Required |
10 Sep 2024, 16:35
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:broadcom:symantec_privileged_access_management:*:*:*:*:*:*:*:* | |
CWE | CWE-79 | |
First Time |
Broadcom
Broadcom symantec Privileged Access Management |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
References | () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 - Permissions Required |
16 Jul 2024, 13:43
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
15 Jul 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-15 14:15
Updated : 2024-11-21 09:26
NVD link : CVE-2024-38493
Mitre link : CVE-2024-38493
CVE.ORG link : CVE-2024-38493
JSON object : View
Products Affected
broadcom
- symantec_privileged_access_management
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')