CVE-2024-6051

Improper Control of Resource Identifiers ('Resource Injection') (CWE-99)

Published: Sep 30, 2024 / Updated: 50d ago

010
CVSS 4.3EPSS 0.04%Medium
CVE info copied to clipboard

Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK in specific situations allows local code injection and to manipulate the view of a vulnerable application.This issue affects Redlink SDK versions through 1.13.

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Clear

Timeline

First Article

Feedly found the first article mentioning CVE-2024-6051. See article

Sep 30, 2024 at 12:49 PM / CVE
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Sep 30, 2024 at 12:49 PM
CVE Assignment

NVD published the first details for CVE-2024-6051

Sep 30, 2024 at 1:15 PM
CVSS

A CVSS base score of 4.3 has been assigned.

Sep 30, 2024 at 1:20 PM / nvd
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.6%)

Oct 1, 2024 at 11:01 AM
Static CVE Timeline Graph

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables
+null more

News

NA - CVE-2024-6051 - Cross Application Scripting vulnerability in...
Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK in specific situations allows local code injection and to manipulate the view of a vulnerable application.This issue affects...
CVE-2024-6051 - Redlink SDK Cross-Site Scripting (XSS)
CVE ID : CVE-2024-6051 Published : Sept. 30, 2024, 1:15 p.m. 18 minutes ago Description : Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK in specific situations allows local code injection and to manipulate the view of a vulnerable application.This issue affects Redlink SDK versions through 1.13. Severity: 0.0
CVE-2024-6051
Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK in specific situations allows local code injection and to manipulate the view of a vulnerable application.This issue affects Redlink SDK versions through 1.13.
CVE-2024-6051
Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK in specific situations allows local code injection and to manipulate the view of a vulnerable application.This issue affects Redlink SDK versions through...
CVE-2024-6051 | Vercom Redlink SDK up to 1.13 resource injection
A vulnerability was found in Vercom Redlink SDK up to 1.13 . It has been classified as problematic . Affected is an unknown function. The manipulation leads to improper control of resource identifiers. This vulnerability is traded as CVE-2024-6051 . Local access is required to approach this attack. There is no exploit available.
See 4 more articles and social media posts

CVSS V3.1

Unknown

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI