PT-2024-37595 · Swg · Swg
Published: 2024-07-15 · Updated: 2024-07-19
CVE-2024-6398
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
SWG versions 11.x prior to 11.2.24
SWG versions 12.x prior to 12.2.10
Description
An information disclosure issue in SWG allows information stored in a customizable block page to be disclosed to third-party websites, because the browser's Same Origin Policy can be bypassed in certain scenarios. The risk is considered low because other default security policies, such as URL categorization and GTI, are typically in place to block access to uncategorized or high-risk websites. The extent of the information disclosed depends on how customers have customized their block pages.
Recommendations
For SWG versions 11.x prior to 11.2.24, update to version 11.2.24 or later.
For SWG versions 12.x prior to 12.2.10, update to version 12.2.10 or later.
Fix
Information Disclosure
Affected Products
Swg