Lucene search

CERTVDECVELIST:CVE-2024-3911

HistoryApr 23, 2024 - 12:14 p.m.

CVE-2024-3911 Welotec: Clickjacking Vulnerability in WebUI

2024-04-2312:14:29

CWE-1021

CERTVDE

www.cve.org

clickjacking

welotec

webui

remote attacker

unauthenticated

deceive users

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.0005 Low

EPSS

Percentile

17.8%

JSON

An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SMART EMS",
    "vendor": "Welotec",
    "versions": [
      {
        "lessThan": "3.1.4",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VPN Security Suite",
    "vendor": "Welotec",
    "versions": [
      {
        "lessThan": "3.1.4",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

cert.vde.com/en/advisories/VDE-2024-023

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.0005 Low

EPSS

Percentile

17.8%

JSON

Related for CVELIST:CVE-2024-3911