CVE ID | CVE-2024-6051 |
Publication date | 30 September 2024 |
Vendor | Vercom S.A. |
Product | Redlink SDK |
Vulnerable versions | All through 1.13 |
Vulnerability type (CWE) | Improper Control of Resource Identifiers ('Resource Injection') (CWE-99) |
Report source | Report to CERT Polska |
Description
CERT Polska has received a report about a vulnerability in Vercom S.A. Redlink SDK (Software Development Kit) and participated in coordination of its disclosure.
The Cross Application Scripting vulnerability CVE-2024-6051 in Vercom S.A. Redlink SDK in specific situations allows code injection and to manipulate the view of a vulnerable application. This issue affects Redlink SDK versions through 1.13.
Credits
We thank Maksymilian Motyl from Immunity Systems for the responsible vulnerability report.
More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.