CVE-2024-21864 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	ADJACENT_NETWORK	HIGH	NONE	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H
intel	CNA	7.8 HIGH	ADJACENT_NETWORK	HIGH	NONE	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 55%

Common Weakness Enumeration

CWE-86 - Improper Neutralization of Invalid Characters in Identifiers in Web Pages
The software does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers.
CWE-707 - Improper Neutralization
The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01053.html

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01053.html