Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for authorization_gateway by abinitio

    CVE-2024-37382 (GCVE-0-2024-37382)

    Vulnerability from nvd – Published: 2024-08-08 00:00 – Updated: 2024-08-08 19:32
    VLAI
    Summary
    An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    abinitio metadata_hub Affected: 0 , < 4.1.4.9 (custom)
        cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:*
    Create a notification for this product.
    abinitio metadata_hub Affected: 4.1.5.10
        cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:*
    Create a notification for this product.
    abinitio metadata_hub Affected: 4.1.6.11
        cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:*
    Create a notification for this product.
    abinitio metadata_hub Affected: 4.2.1.6
        cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:*
    Create a notification for this product.
    abinitio metadata_hub Affected: 4.2.2.8
        cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:*
    Create a notification for this product.
    abinitio metadata_hub Affected: 4.2.3.4
        cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:*
    Create a notification for this product.
    abinitio metadata_hub Affected: 4.3.1.0
        cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "metadata_hub",
                "vendor": "abinitio",
                "versions": [
                  {
                    "lessThan": "4.1.4.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "metadata_hub",
                "vendor": "abinitio",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.5.10"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "metadata_hub",
                "vendor": "abinitio",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.6.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "metadata_hub",
                "vendor": "abinitio",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.2.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "metadata_hub",
                "vendor": "abinitio",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.2.2.8"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "metadata_hub",
                "vendor": "abinitio",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.2.3.4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "metadata_hub",
                "vendor": "abinitio",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37382",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-08T19:20:33.504917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-08T19:32:43.294Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-08T17:52:26.088Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.abinitio.com/en/security-advisories/ab-2024-003/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-37382",
        "datePublished": "2024-08-08T00:00:00.000Z",
        "dateReserved": "2024-06-07T00:00:00.000Z",
        "dateUpdated": "2024-08-08T19:32:43.294Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37382 (GCVE-0-2024-37382)

    Vulnerability from cvelistv5 – Published: 2024-08-08 00:00 – Updated: 2024-08-08 19:32
    VLAI
    Summary
    An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    abinitio metadata_hub Affected: 0 , < 4.1.4.9 (custom)
        cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:*
    Create a notification for this product.
    abinitio metadata_hub Affected: 4.1.5.10
        cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:*
    Create a notification for this product.
    abinitio metadata_hub Affected: 4.1.6.11
        cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:*
    Create a notification for this product.
    abinitio metadata_hub Affected: 4.2.1.6
        cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:*
    Create a notification for this product.
    abinitio metadata_hub Affected: 4.2.2.8
        cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:*
    Create a notification for this product.
    abinitio metadata_hub Affected: 4.2.3.4
        cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:*
    Create a notification for this product.
    abinitio metadata_hub Affected: 4.3.1.0
        cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "metadata_hub",
                "vendor": "abinitio",
                "versions": [
                  {
                    "lessThan": "4.1.4.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "metadata_hub",
                "vendor": "abinitio",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.5.10"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "metadata_hub",
                "vendor": "abinitio",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.1.6.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "metadata_hub",
                "vendor": "abinitio",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.2.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "metadata_hub",
                "vendor": "abinitio",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.2.2.8"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "metadata_hub",
                "vendor": "abinitio",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.2.3.4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "metadata_hub",
                "vendor": "abinitio",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37382",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-08T19:20:33.504917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-08T19:32:43.294Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-08T17:52:26.088Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.abinitio.com/en/security-advisories/ab-2024-003/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-37382",
        "datePublished": "2024-08-08T00:00:00.000Z",
        "dateReserved": "2024-06-07T00:00:00.000Z",
        "dateUpdated": "2024-08-08T19:32:43.294Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }