PT-2024-34341 · Numerix · Numerix License Server

Daniel Hirschberger · Published 2024-12-11 · Updated 2024-12-12 · CVE-2024-50585

CVSS v3.1: 4.7 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Numerix License Server (affected versions not specified)
Description: The "Numerix License Server Administration System Login" page (nlslogin.jsp) is vulnerable to cross-site scripting. A specially crafted HTTP POST request to nlslogin.jsp causes attacker-supplied JavaScript to be executed in the context of that page. An attacker triggers the request by luring a user into clicking a malicious link or visiting a website under the attacker's control. The vendor has been unresponsive, so no fix is available; users are advised to restrict access to the page and monitor logs.
Recommendations: Restrict access to the nlslogin.jsp page and monitor logs for suspicious requests to it. Contact your Numerix representative and request a patch. At the time of writing, no newer version containing a fix for this vulnerability is known.
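As an added example in the spirit of the "monitor logs" recommendation (not part of this advisory or of the Numerix product): a small Python filter that reads combined-format web server access log lines and flags requests to nlslogin.jsp that come from outside an allowlisted management network, or that are POSTs whose Referer points at a foreign origin, which is how a cross-site POST launched from an attacker-controlled page would typically show up. The log layout, network ranges, hostname and sample lines are assumptions constructed for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Combined log format (client, ident, user, time, request, status, bytes, referer, user-agent).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
LOGIN_PAGE = "/nlslogin.jsp"
# Constructed values: management networks allowed to reach the login page, and the
# hostnames under which the license server is legitimately served.
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.50.0/24")]
OWN_HOSTS = {"license.example.internal"}

def classify(line):
    """Return findings for one access-log line; an empty list means nothing suspicious."""
    m = LOG_RE.match(line.rstrip("\n"))
    if not m:
        return ["unparsable line"]
    if urlsplit(m["path"]).path != LOGIN_PAGE:
        return []                      # only the vulnerable page is of interest
    findings = []
    ip = ipaddress.ip_address(m["ip"])
    if not any(ip in net for net in ALLOWED_NETS):
        findings.append(f"login page reached from non-allowlisted source {ip}")
    if m["method"] == "POST":
        ref_host = urlsplit(m["referer"]).hostname   # None for "-" or a bare path
        if ref_host is None:
            findings.append("POST to login page without Referer (tool or no-referrer policy)")
        elif ref_host not in OWN_HOSTS:
            findings.append(f"cross-site POST to login page from {ref_host}")
    return findings

def scan(lines):
    """Return (1-based line number, findings) for every line that raised a finding."""
    return [(n, f) for n, f in ((n, classify(l)) for n, l in enumerate(lines, 1)) if f]

# Constructed sample log: normal logins from the management net, then two suspicious requests.
SAMPLE_LOG = [
    '10.0.3.7 - - [11/Dec/2024:09:14:02 +0000] "GET /nlslogin.jsp HTTP/1.1" 200 1532 "-" "Mozilla/5.0"',
    '10.0.3.7 - - [11/Dec/2024:09:14:10 +0000] "POST /nlslogin.jsp HTTP/1.1" 302 0 "https://license.example.internal/nlslogin.jsp" "Mozilla/5.0"',
    '10.0.3.9 - - [11/Dec/2024:09:20:44 +0000] "POST /nlslogin.jsp HTTP/1.1" 200 1601 "https://attacker-controlled.example/" "Mozilla/5.0"',
    '203.0.113.45 - - [11/Dec/2024:09:21:00 +0000] "POST /nlslogin.jsp HTTP/1.1" 200 1601 "-" "curl/8.0"',
    '10.0.3.7 - - [11/Dec/2024:09:25:31 +0000] "GET /status.jsp HTTP/1.1" 200 811 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, findings in scan(SAMPLE_LOG):
        print(f"line {n}: " + "; ".join(findings))
```

Access logs do not contain POST bodies, so this flags the delivery path (origin and source) rather than the payload itself; tune ALLOWED_NETS and OWN_HOSTS to the deployment before trusting the output.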

XSS

Related Identifiers: CVE-2024-50585

Affected Products: Numerix License Server