Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-38493— Symantec Privileged Access Manager Reflected Cross Site Scripting vulnerability

EPSS 0.09% · P25
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-38493

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Symantec Privileged Access Manager Reflected Cross Site Scripting vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Broadcom Symantec Privileged Access Management 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Broadcom Symantec Privileged Access Management(Broadcom Symantec PAM)是美国博通(Broadcom)公司的一种安全软件。通过保护敏感的管理凭据、控制特权用户访问、主动实施安全策略以及监控和记录虚拟、云和物理环境中的特权用户活动来帮助防止安全漏洞。 Broadcom Symantec Privileged Access Management存在安全漏洞,该漏洞源于PAM UI Web界面中存在一个反射型跨站脚本(XSS)漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
BroadcomSymantec Privileged Access Management 4.1.0 - 4.1.7 -

II. Public POCs for CVE-2024-38493

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-38493

登录查看更多情报信息。

Same Patch Batch · Broadcom · 2024-07-15 · 10 CVEs total

CVE-2024-38496Symantec Privileged Access Manager Insecure Direct Object Reference vulnerability
CVE-2024-38494Symantec Privileged Access Manager Remote Command Execution vulnerability
CVE-2024-38492Symantec Privileged Access Manager Remote Command Execution vulnerability
CVE-2024-38491Symantec Privileged Access Manager SQL Injection vulnerability
CVE-2024-38495Symantec Privileged Access Manager User Enumeration vulnerability
CVE-2024-36458Symantec Privileged Access Manager Privilege Escalation vulnerability
CVE-2024-36457Symantec Privileged Access Manager Authentication Bypass vulnerability
CVE-2024-36455Symantec Privileged Access Manager Remote Command Execution vulnerability
CVE-2024-36456Symantec Privileged Access Manager Remote Command Execution vulnerability

IV. Related Vulnerabilities

Same product: Symantec Privileged Access Management
Same vendor: Broadcom

V. Comments for CVE-2024-38493

No comments yet

Leave a comment