Search
Find a vulnerability
Search criteria
4 vulnerabilities by abinitio
CVE-2024-37382 (GCVE-0-2024-37382)
Vulnerability from nvd – Published: 2024-08-08 00:00 – Updated: 2024-08-08 19:32
VLAI
Summary
An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| abinitio | metadata_hub |
Affected:
0 , < 4.1.4.9
(custom)
cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.1.5.10
cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.1.6.11
cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.2.1.6
cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.2.2.8
cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.2.3.4
cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.3.1.0
cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"lessThan": "4.1.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.1.5.10"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.1.6.11"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.2.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.2.2.8"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.2.3.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.3.1.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T19:20:33.504917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:32:43.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T17:52:26.088Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.abinitio.com/en/security-advisories/ab-2024-003/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-37382",
"datePublished": "2024-08-08T00:00:00.000Z",
"dateReserved": "2024-06-07T00:00:00.000Z",
"dateUpdated": "2024-08-08T19:32:43.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33408 (GCVE-0-2021-33408)
Vulnerability from nvd – Published: 2021-05-27 21:46 – Updated: 2024-08-03 23:50
VLAI
Summary
Local File Inclusion vulnerability in Ab Initio Control>Center before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Fixed in v4.0.2.6 and v4.0.3.1.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.abinitio.com/en/security-advisories/a… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.abinitio.com/en/security-advisories/ab-2021-001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local File Inclusion vulnerability in Ab Initio Control\u003eCenter before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Fixed in v4.0.2.6 and v4.0.3.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-27T21:46:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.abinitio.com/en/security-advisories/ab-2021-001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local File Inclusion vulnerability in Ab Initio Control\u003eCenter before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Fixed in v4.0.2.6 and v4.0.3.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.abinitio.com/en/security-advisories/ab-2021-001/",
"refsource": "CONFIRM",
"url": "https://www.abinitio.com/en/security-advisories/ab-2021-001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33408",
"datePublished": "2021-05-27T21:46:02.000Z",
"dateReserved": "2021-05-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:50:42.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37382 (GCVE-0-2024-37382)
Vulnerability from cvelistv5 – Published: 2024-08-08 00:00 – Updated: 2024-08-08 19:32
VLAI
Summary
An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| abinitio | metadata_hub |
Affected:
0 , < 4.1.4.9
(custom)
cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.1.5.10
cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.1.6.11
cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.2.1.6
cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.2.2.8
cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.2.3.4
cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:* |
|
| abinitio | metadata_hub |
Affected:
4.3.1.0
cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"lessThan": "4.1.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.1.5.10"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.1.6.11"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.2.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.2.2.8"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.2.3.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.3.1.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T19:20:33.504917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:32:43.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T17:52:26.088Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.abinitio.com/en/security-advisories/ab-2024-003/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-37382",
"datePublished": "2024-08-08T00:00:00.000Z",
"dateReserved": "2024-06-07T00:00:00.000Z",
"dateUpdated": "2024-08-08T19:32:43.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33408 (GCVE-0-2021-33408)
Vulnerability from cvelistv5 – Published: 2021-05-27 21:46 – Updated: 2024-08-03 23:50
VLAI
Summary
Local File Inclusion vulnerability in Ab Initio Control>Center before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Fixed in v4.0.2.6 and v4.0.3.1.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.abinitio.com/en/security-advisories/a… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.abinitio.com/en/security-advisories/ab-2021-001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local File Inclusion vulnerability in Ab Initio Control\u003eCenter before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Fixed in v4.0.2.6 and v4.0.3.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-27T21:46:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.abinitio.com/en/security-advisories/ab-2021-001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local File Inclusion vulnerability in Ab Initio Control\u003eCenter before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Fixed in v4.0.2.6 and v4.0.3.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.abinitio.com/en/security-advisories/ab-2021-001/",
"refsource": "CONFIRM",
"url": "https://www.abinitio.com/en/security-advisories/ab-2021-001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33408",
"datePublished": "2021-05-27T21:46:02.000Z",
"dateReserved": "2021-05-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:50:42.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}