Search
Find a vulnerability
Search criteria
2 vulnerabilities found for authorization_gateway by abinitio
CVE-2024-37382 (GCVE-0-2024-37382)
Vulnerability from nvd – Published: 2024-08-08 00:00 – Updated: 2024-08-08 19:32
VLAI
Summary
An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| abinitio | metadata_hub |
Affected:
0 , < 4.1.4.9
(custom)
cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.1.5.10
cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.1.6.11
cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.2.1.6
cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.2.2.8
cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.2.3.4
cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.3.1.0
cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"lessThan": "4.1.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.1.5.10"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.1.6.11"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.2.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.2.2.8"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.2.3.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.3.1.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T19:20:33.504917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:32:43.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T17:52:26.088Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.abinitio.com/en/security-advisories/ab-2024-003/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-37382",
"datePublished": "2024-08-08T00:00:00.000Z",
"dateReserved": "2024-06-07T00:00:00.000Z",
"dateUpdated": "2024-08-08T19:32:43.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37382 (GCVE-0-2024-37382)
Vulnerability from cvelistv5 – Published: 2024-08-08 00:00 – Updated: 2024-08-08 19:32
VLAI
Summary
An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| abinitio | metadata_hub |
Affected:
0 , < 4.1.4.9
(custom)
cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.1.5.10
cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.1.6.11
cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.2.1.6
cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.2.2.8
cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.2.3.4
cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.3.1.0
cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"lessThan": "4.1.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.1.5.10"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.1.6.11"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.2.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.2.2.8"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.2.3.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.3.1.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T19:20:33.504917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:32:43.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T17:52:26.088Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.abinitio.com/en/security-advisories/ab-2024-003/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-37382",
"datePublished": "2024-08-08T00:00:00.000Z",
"dateReserved": "2024-06-07T00:00:00.000Z",
"dateUpdated": "2024-08-08T19:32:43.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}