CVE-2024-37382

An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.abinitio.com/en/security-advisories/ab-2024-003/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:abinitio:authorization_gateway::::::::
	cpe:2.3:a:abinitio:authorization_gateway:4.1.5.10:::::::*
	cpe:2.3:a:abinitio:authorization_gateway:4.1.6.11:::::::*
	cpe:2.3:a:abinitio:authorization_gateway:4.2.1.6:::::::*
	cpe:2.3:a:abinitio:authorization_gateway:4.2.2.8:::::::*
	cpe:2.3:a:abinitio:authorization_gateway:4.2.3.4:::::::*
	cpe:2.3:a:abinitio:authorization_gateway:4.3.1.0:::::::*
	cpe:2.3:a:abinitio:metadata_hub::::::::
	cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:::::::*
	cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:::::::*
	cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:::::::*
	cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:::::::*
	cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:::::::*
	cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:::::::*

History

No history.

Information

Published : 2024-08-08 18:15

Updated : 2024-08-29 14:29

NVD link : CVE-2024-37382

Mitre link : CVE-2024-37382

CVE.ORG link : CVE-2024-37382

JSON object : View

Products Affected

abinitio

metadata_hub
authorization_gateway

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2024-37382", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 0.8}]}, "published": "2024-08-08T18:15:10.317", "references": [{"url": "https://www.abinitio.com/en/security-advisories/ab-2024-003/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration."}, {"lang": "es", "value": "Un problema descubierto en la funci\u00f3n de importaci\u00f3n de host en Ab Initio Metadata Hub y Authorization Gateway anteriores a 4.3.1.1 permite a los atacantes ejecutar c\u00f3digo arbitrario mediante modificaciones manipuladas de la configuraci\u00f3n del servidor."}], "lastModified": "2024-08-29T14:29:32.920", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:abinitio:authorization_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF108DF6-F0F4-4E15-A6B5-430EFE2864EF", "versionEndExcluding": "4.1.4.9"}, {"criteria": "cpe:2.3:a:abinitio:authorization_gateway:4.1.5.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "017E7879-4DA5-468C-B1E0-703F5F3FD43A"}, {"criteria": "cpe:2.3:a:abinitio:authorization_gateway:4.1.6.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9A65EDA-F758-4FC7-B8BA-453732E8C099"}, {"criteria": "cpe:2.3:a:abinitio:authorization_gateway:4.2.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E76752C8-24B3-4E23-803B-404D8B6C9DE2"}, {"criteria": "cpe:2.3:a:abinitio:authorization_gateway:4.2.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DC4B64F-9AF6-4637-8185-0A5C6137E3A9"}, {"criteria": "cpe:2.3:a:abinitio:authorization_gateway:4.2.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91FEAC68-CB97-48D7-BD18-80A43621A6DA"}, {"criteria": "cpe:2.3:a:abinitio:authorization_gateway:4.3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E40274A9-A4FD-48C0-AA09-2D330B4F4149"}, {"criteria": "cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF5BB36B-BECF-490C-B14A-A54CEF5CFE31", "versionEndExcluding": "4.1.4.9"}, {"criteria": "cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "814BFED4-81AA-4386-BD9A-53C35E7BC109"}, {"criteria": "cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB73A7E3-4850-4960-9227-FC973C0AF0EC"}, {"criteria": "cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15F28A5C-CC50-4073-8C28-92EA70FC8B03"}, {"criteria": "cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61F11BC5-1F8D-49AE-AEB8-02553EE4261B"}, {"criteria": "cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE3471BA-85C7-4C05-85F1-A0A7C8F6B041"}, {"criteria": "cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D63F600F-937C-474C-B0C7-849A722B89C1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}