Search

Find a vulnerability

Search criteria

    2 vulnerabilities by welliamcao

    CVE-2024-11662 (GCVE-0-2024-11662)

    Vulnerability from nvd – Published: 2024-11-25 08:00 – Updated: 2024-11-26 15:32
    VLAI
    Title
    welliamcao OpsManage API Endpoint deploy_api.py deploy_host_vars deserialization
    Summary
    A vulnerability was found in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5. It has been rated as critical. This issue affects the function deploy_host_vars of the file /apps/api/views/deploy_api.py of the component API Endpoint. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    welliamcao OpsManage Affected: 3.0.1
    Affected: 3.0.2
    Affected: 3.0.3
    Affected: 3.0.4
    Affected: 3.0.5
    Create a notification for this product.
    welliamcao opsmanage Affected: 3.0.1
    Affected: 3.0.2
    Affected: 3.0.3
    Affected: 3.0.4
    Affected: 3.0.5
        cpe:2.3:a:welliamcao:opsmanage:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    sp1d3r (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:welliamcao:opsmanage:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "opsmanage",
                "vendor": "welliamcao",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.0.1"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.2"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.3"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.4"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.5"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11662",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T15:30:28.031150Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T15:32:45.235Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "API Endpoint"
              ],
              "product": "OpsManage",
              "vendor": "welliamcao",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.1"
                },
                {
                  "status": "affected",
                  "version": "3.0.2"
                },
                {
                  "status": "affected",
                  "version": "3.0.3"
                },
                {
                  "status": "affected",
                  "version": "3.0.4"
                },
                {
                  "status": "affected",
                  "version": "3.0.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "sp1d3r (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5. It has been rated as critical. This issue affects the function deploy_host_vars of the file /apps/api/views/deploy_api.py of the component API Endpoint. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion deploy_host_vars der Datei /apps/api/views/deploy_api.py der Komponente API Endpoint. Mittels dem Manipulieren mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-25T08:00:12.726Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-285983 | welliamcao OpsManage API Endpoint deploy_api.py deploy_host_vars deserialization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.285983"
            },
            {
              "name": "VDB-285983 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.285983"
            },
            {
              "name": "Submit #447290 | github.com/welliamcao/OpsManage OpsManage v3.0.5\\v3.0.4\\v3.0.3\\v3.0.2\\v3.0.1 Remote Code Execution",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.447290"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/Sp1d3rL1/OpsManage_RCE"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Sp1d3rL1/OpsManage_RCE/blob/main/OpsManage%20RCE.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-11-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-11-24T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-11-24T16:28:38.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "welliamcao OpsManage API Endpoint deploy_api.py deploy_host_vars deserialization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-11662",
        "datePublished": "2024-11-25T08:00:12.726Z",
        "dateReserved": "2024-11-24T15:23:06.518Z",
        "dateUpdated": "2024-11-26T15:32:45.235Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-11662 (GCVE-0-2024-11662)

    Vulnerability from cvelistv5 – Published: 2024-11-25 08:00 – Updated: 2024-11-26 15:32
    VLAI
    Title
    welliamcao OpsManage API Endpoint deploy_api.py deploy_host_vars deserialization
    Summary
    A vulnerability was found in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5. It has been rated as critical. This issue affects the function deploy_host_vars of the file /apps/api/views/deploy_api.py of the component API Endpoint. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    welliamcao OpsManage Affected: 3.0.1
    Affected: 3.0.2
    Affected: 3.0.3
    Affected: 3.0.4
    Affected: 3.0.5
    Create a notification for this product.
    welliamcao opsmanage Affected: 3.0.1
    Affected: 3.0.2
    Affected: 3.0.3
    Affected: 3.0.4
    Affected: 3.0.5
        cpe:2.3:a:welliamcao:opsmanage:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    sp1d3r (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:welliamcao:opsmanage:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "opsmanage",
                "vendor": "welliamcao",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.0.1"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.2"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.3"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.4"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.5"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11662",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T15:30:28.031150Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T15:32:45.235Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "API Endpoint"
              ],
              "product": "OpsManage",
              "vendor": "welliamcao",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.1"
                },
                {
                  "status": "affected",
                  "version": "3.0.2"
                },
                {
                  "status": "affected",
                  "version": "3.0.3"
                },
                {
                  "status": "affected",
                  "version": "3.0.4"
                },
                {
                  "status": "affected",
                  "version": "3.0.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "sp1d3r (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5. It has been rated as critical. This issue affects the function deploy_host_vars of the file /apps/api/views/deploy_api.py of the component API Endpoint. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion deploy_host_vars der Datei /apps/api/views/deploy_api.py der Komponente API Endpoint. Mittels dem Manipulieren mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-25T08:00:12.726Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-285983 | welliamcao OpsManage API Endpoint deploy_api.py deploy_host_vars deserialization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.285983"
            },
            {
              "name": "VDB-285983 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.285983"
            },
            {
              "name": "Submit #447290 | github.com/welliamcao/OpsManage OpsManage v3.0.5\\v3.0.4\\v3.0.3\\v3.0.2\\v3.0.1 Remote Code Execution",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.447290"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/Sp1d3rL1/OpsManage_RCE"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Sp1d3rL1/OpsManage_RCE/blob/main/OpsManage%20RCE.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-11-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-11-24T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-11-24T16:28:38.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "welliamcao OpsManage API Endpoint deploy_api.py deploy_host_vars deserialization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-11662",
        "datePublished": "2024-11-25T08:00:12.726Z",
        "dateReserved": "2024-11-24T15:23:06.518Z",
        "dateUpdated": "2024-11-26T15:32:45.235Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }