Search criteria
2 vulnerabilities by abinitio
CVE-2024-37382 (GCVE-0-2024-37382)
Vulnerability from cvelistv5 – Published: 2024-08-08 00:00 – Updated: 2024-08-08 19:32
VLAI?
Summary
An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration.
Severity ?
6.3 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"lessThan": "4.1.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.1.5.10"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.1.6.11"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.2.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.2.2.8"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.2.3.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metadata_hub",
"vendor": "abinitio",
"versions": [
{
"status": "affected",
"version": "4.3.1.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T19:20:33.504917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:32:43.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T17:52:26.088Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.abinitio.com/en/security-advisories/ab-2024-003/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-37382",
"datePublished": "2024-08-08T00:00:00.000Z",
"dateReserved": "2024-06-07T00:00:00.000Z",
"dateUpdated": "2024-08-08T19:32:43.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33408 (GCVE-0-2021-33408)
Vulnerability from cvelistv5 – Published: 2021-05-27 21:46 – Updated: 2024-08-03 23:50
VLAI?
Summary
Local File Inclusion vulnerability in Ab Initio Control>Center before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Fixed in v4.0.2.6 and v4.0.3.1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.abinitio.com/en/security-advisories/ab-2021-001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local File Inclusion vulnerability in Ab Initio Control\u003eCenter before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Fixed in v4.0.2.6 and v4.0.3.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-27T21:46:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.abinitio.com/en/security-advisories/ab-2021-001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local File Inclusion vulnerability in Ab Initio Control\u003eCenter before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Fixed in v4.0.2.6 and v4.0.3.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.abinitio.com/en/security-advisories/ab-2021-001/",
"refsource": "CONFIRM",
"url": "https://www.abinitio.com/en/security-advisories/ab-2021-001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33408",
"datePublished": "2021-05-27T21:46:02.000Z",
"dateReserved": "2021-05-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:50:42.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}