Search criteria
2 vulnerabilities found for authorization_gateway by abinitio
CVE-2024-37382 (GCVE-0-2024-37382)
Vulnerability from nvd – Published: 2024-08-08 00:00 – Updated: 2024-08-08 19:32
VLAI?
Summary
An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration.
Severity ?
6.3 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"lessThan": "4.1.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.1.5.10"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.1.6.11"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.2.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.2.2.8"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.2.3.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.3.1.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T19:20:33.504917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:32:43.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T17:52:26.088Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.abinitio.com/en/security-advisories/ab-2024-003/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-37382",
"datePublished": "2024-08-08T00:00:00.000Z",
"dateReserved": "2024-06-07T00:00:00.000Z",
"dateUpdated": "2024-08-08T19:32:43.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37382 (GCVE-0-2024-37382)
Vulnerability from cvelistv5 – Published: 2024-08-08 00:00 – Updated: 2024-08-08 19:32
VLAI?
Summary
An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration.
Severity ?
6.3 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"lessThan": "4.1.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.1.5.10"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.1.6.11"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.2.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.2.2.8"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.2.3.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.3.1.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T19:20:33.504917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:32:43.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T17:52:26.088Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.abinitio.com/en/security-advisories/ab-2024-003/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-37382",
"datePublished": "2024-08-08T00:00:00.000Z",
"dateReserved": "2024-06-07T00:00:00.000Z",
"dateUpdated": "2024-08-08T19:32:43.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}