PT-2024-15468 · Fireeye · Fireeye Malware Analysis

Albert Sánchez Miñano · Published 2024-01-15 · Updated 2024-01-19 · CVE-2024-0320

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: FireEye Malware Analysis (AX) version 9.0.3.936530

Description: The issue allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user. This is achieved by exploiting a Cross-Site Scripting weakness in the application.

Recommendations: For FireEye Malware Analysis (AX) version 9.0.3.936530, consider restricting access to the application until a patch is available, and avoid using the application with sensitive user sessions. As a temporary workaround, consider implementing additional validation and sanitization of user input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-0320

Affected Products: Fireeye Malware Analysis