An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration.
References
Link | Resource |
---|---|
https://www.abinitio.com/en/security-advisories/ab-2024-003/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
29 Aug 2024, 14:29
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
First Time |
Abinitio metadata Hub
Abinitio Abinitio authorization Gateway |
|
References | () https://www.abinitio.com/en/security-advisories/ab-2024-003/ - Vendor Advisory | |
CPE | cpe:2.3:a:abinitio:authorization_gateway:*:*:*:*:*:*:*:* cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:* cpe:2.3:a:abinitio:authorization_gateway:4.2.2.8:*:*:*:*:*:*:* cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:* cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:* cpe:2.3:a:abinitio:authorization_gateway:4.1.5.10:*:*:*:*:*:*:* cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:* cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:* cpe:2.3:a:abinitio:authorization_gateway:4.1.6.11:*:*:*:*:*:*:* cpe:2.3:a:abinitio:authorization_gateway:4.2.1.6:*:*:*:*:*:*:* cpe:2.3:a:abinitio:authorization_gateway:4.3.1.0:*:*:*:*:*:*:* cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:* cpe:2.3:a:abinitio:authorization_gateway:4.2.3.4:*:*:*:*:*:*:* cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:* |
08 Aug 2024, 20:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.3 |
CWE | CWE-94 |
08 Aug 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-08 18:15
Updated : 2024-08-29 14:29
NVD link : CVE-2024-37382
Mitre link : CVE-2024-37382
CVE.ORG link : CVE-2024-37382
JSON object : View
Products Affected
abinitio
- authorization_gateway
- metadata_hub
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')