CVE-2024-51721

Published: Nov 12, 2024Modified: Nov 13, 2024

7.3

Vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Exploitability: 0.7 / Impact: 6.0

Source: secure@blackberry.com (Secondary)

Description

A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege.

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (1)

https://support.blackberry.com/pkb/s/article/140220

Source: secure@blackberry.com

Timeline

No history available yet.