{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-51721", "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "state": "PUBLISHED", "assignerShortName": "blackberry", "dateReserved": "2024-10-30T17:19:06.485Z", "datePublished": "2024-11-12T18:05:32.232Z", "dateUpdated": "2024-11-12T21:34:23.825Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["SecuSUITE Server Web Administration Portal"], "product": "SecuSUITE", "vendor": "BlackBerry", "versions": [{"status": "affected", "version": "5.0.420"}]}], "datePublic": "2024-11-12T18:03:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A </span><span style=\"background-color: rgb(255, 255, 255);\">code injection</span><span style=\"background-color: rgb(255, 255, 255);\"> vulnerability in the </span><span style=\"background-color: rgb(255, 255, 255);\">SecuSUITE</span> <span style=\"background-color: rgb(255, 255, 255);\">Server Web Administration Portal </span><span style=\"background-color: rgb(255, 255, 255);\">of </span><span style=\"background-color: rgb(255, 255, 255);\">SecuSUITE</span><span style=\"background-color: rgb(255, 255, 255);\"> versions 5.0.420 and earlier could allow an attacker to potentially </span><span style=\"background-color: rgb(255, 255, 255);\">inject script commands or other executable content into the server that would run with root privilege.</span>"}], "value": "A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege."}], "impacts": [{"capecId": "CAPEC-132", "descriptions": [{"lang": "en", "value": "CAPEC-132 Symlink Attack"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59 Improper Link Resolution Before File Access ('Link Following')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "shortName": "blackberry", "dateUpdated": "2024-11-12T18:43:15.094Z"}, "references": [{"url": "https://support.blackberry.com/pkb/s/article/140220"}], "source": {"discovery": "UNKNOWN"}, "title": "Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "blackberry", "product": "secusuite", "cpes": ["cpe:2.3:a:blackberry:secusuite:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.0.420", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-12T21:32:19.174330Z", "id": "CVE-2024-51721", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T21:34:23.825Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-51721", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-12T21:32:19.174330Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:blackberry:secusuite:*:*:*:*:*:*:*:*"], "vendor": "blackberry", "product": "secusuite", "versions": [{"status": "affected", "version": "5.0.420"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T21:34:19.045Z"}}], "cna": {"title": "Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-132", "descriptions": [{"lang": "en", "value": "CAPEC-132 Symlink Attack"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "BlackBerry", "modules": ["SecuSUITE Server Web Administration Portal"], "product": "SecuSUITE", "versions": [{"status": "affected", "version": "5.0.420"}], "defaultStatus": "unaffected"}], "datePublic": "2024-11-12T18:03:00.000Z", "references": [{"url": "https://support.blackberry.com/pkb/s/article/140220"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A </span><span style=\"background-color: rgb(255, 255, 255);\">code injection</span><span style=\"background-color: rgb(255, 255, 255);\"> vulnerability in the </span><span style=\"background-color: rgb(255, 255, 255);\">SecuSUITE</span> <span style=\"background-color: rgb(255, 255, 255);\">Server Web Administration Portal </span><span style=\"background-color: rgb(255, 255, 255);\">of </span><span style=\"background-color: rgb(255, 255, 255);\">SecuSUITE</span><span style=\"background-color: rgb(255, 255, 255);\"> versions 5.0.420 and earlier could allow an attacker to potentially </span><span style=\"background-color: rgb(255, 255, 255);\">inject script commands or other executable content into the server that would run with root privilege.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-59", "description": "CWE-59 Improper Link Resolution Before File Access ('Link Following')"}]}], "providerMetadata": {"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "shortName": "blackberry", "dateUpdated": "2024-11-12T18:43:15.094Z"}}}, "cveMetadata": {"cveId": "CVE-2024-51721", "state": "PUBLISHED", "dateUpdated": "2024-11-12T21:34:23.825Z", "dateReserved": "2024-10-30T17:19:06.485Z", "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "datePublished": "2024-11-12T18:05:32.232Z", "assignerShortName": "blackberry"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en SecuSUITE Server Web Administration Portal of SecuSUITE versiones 5.0.420 y anteriores, podr\u00eda permitir a un atacante inyectar potencialmente comandos de script u otro contenido ejecutable en el servidor que se ejecutar\u00eda con privilegios de superusuario."}], "id": "CVE-2024-51721", "lastModified": "2024-11-13T17:01:16.850", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 6.0, "source": "secure@blackberry.com", "type": "Secondary"}]}, "published": "2024-11-12T19:15:18.220", "references": [{"source": "secure@blackberry.com", "url": "https://support.blackberry.com/pkb/s/article/140220"}], "sourceIdentifier": "secure@blackberry.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "secure@blackberry.com", "type": "Secondary"}]}

{}

{}