Description

Users who click on a malicious link or visit a website under the control of an attacker can be infected with arbitrary JavaScript which is running in the context of the "Numerix License Server Administration System Login" (nlslogin.jsp) page. The vulnerability can be triggered by sending a specially crafted HTTP POST request.  The vendor was unresponsive during multiple attempts to contact them via various channels, hence there is no solution available. In case you are using this software, be sure to restrict access and monitor logs. Try to reach out to your contact person for this vendor and request a patch.

INFO

Published Date :

2024-12-11T14:59:53.068Z

Last Modified :

2024-12-12T23:02:53.412Z

Source :

SEC-VLab
AFFECTED PRODUCTS

The following products are affected by CVE-2024-50585 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-50585.

URL Resource
http://seclists.org/fulldisclosure/2024/Dec/4 cve-icon
https://r.sec-consult.com/numerix cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact