La Sostenibilità per TIM

Il Report 2024 accoglie i principi della Corporate Sustainability Reporting Directive (CSRD) ed è incluso nella Relazione Finanziaria e di Sostenibilità. Approfondisci

Ultimi Comunicati Stampa

Redazione ufficio stampa

Leggi gli ultimi comunicati stampa e naviga nell'archivio dell'Ufficio Stampa del Gruppo TIM. Leggi i comunicati

CVE-2024-34398

CVE-2024-34398 – BMC Remedy Mid Tier

Vulnerability Description: HTML Injection - Stored - CWE-80

Software Version: 7.6.04

NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-34398  

CVSS:

Severity:

Credits: Gabriele Duchi, Marco Ventura, Giulio Pellegrini, Massimiliano Brolli

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

This may allow such characters to be treated as control characters, which are executed client-side in the context of the user's session.

 

Security Impact

 

An authenticated attacker can store arbitrary HTML code in order to corrupt the web page, for example by creating phishing sections to extrapolate the victims' credentials.