CVE-2024-0315 – Remote file inclusion vulnerability in FireEye Central Management
https://notcve.org/view.php?id=CVE-2024-0315
Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2024-0314 – XSS vulnerability in FireEye Central Management
https://notcve.org/view.php?id=CVE-2024-0314
XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to session hijacking. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')