CVE-2024-1619 - OpenCVE

Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The issue was that an attacker could potentially force an administrator to click on a malicious link to perform unauthorized actions.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://support.kaspersky.com/vulnerability/list-of-advisories/12430#010224

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Kaspersky

Published: 2024-02-29T09:22:03.588Z

Updated: 2024-06-04T18:00:28.058Z

Reserved: 2024-02-19T08:38:14.449Z

Link: CVE-2024-1619

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-02-29T10:15:06.807

Modified: 2024-02-29T13:49:29.390

Link: CVE-2024-1619

JSON object: View

Redhat Information

No data.

CWE

CWE-74

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1619", "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "state": "PUBLISHED", "assignerShortName": "Kaspersky", "dateReserved": "2024-02-19T08:38:14.449Z", "datePublished": "2024-02-29T09:22:03.588Z", "dateUpdated": "2024-06-04T18:00:28.058Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky", "dateUpdated": "2024-02-29T09:22:03.588Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "affected": [{"vendor": "Kaspersky", "product": "Kaspersky Security for Linux Mail Server 8", "versions": [{"version": "*", "status": "affected", "lessThan": "8.0.3.30 Security Patch A", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The issue was that an attacker could potentially force an administrator to click on a malicious link to perform unauthorized actions."}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}], "solutions": [{"lang": "en", "value": "Install version 8.0.3.30 Security Patch A of Kaspersky Security 8.0 for Linux Mail Server."}], "timeline": [{"time": "2024-02-01T00:00:00.000Z", "lang": "en", "value": "Advisory published by Kaspersky"}], "credits": [{"lang": "en", "value": "Adrian Tiron", "type": "finder"}, {"lang": "en", "value": "Bogdan Tiron", "type": "finder"}], "references": [{"url": "https://support.kaspersky.com/vulnerability/list-of-advisories/12430#010224", "name": "Advisory issued on February 1, 2024", "tags": ["vendor-advisory"]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1619", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-11T16:14:26.090266Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T18:00:28.058Z"}}]}}