CVE-2024-37382

An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:abinitio:authorization_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.1.5.10:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.1.6.11:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:*

History

29 Aug 2024, 14:29

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.3
v2 : unknown
v3 : 7.2
References () https://www.abinitio.com/en/security-advisories/ab-2024-003/ - () https://www.abinitio.com/en/security-advisories/ab-2024-003/ - Vendor Advisory
CPE cpe:2.3:a:abinitio:authorization_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.1.5.10:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.1.6.11:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:*
Summary
  • (es) Un problema descubierto en la función de importación de host en Ab Initio Metadata Hub y Authorization Gateway anteriores a 4.3.1.1 permite a los atacantes ejecutar código arbitrario mediante modificaciones manipuladas de la configuración del servidor.
First Time Abinitio metadata Hub
Abinitio
Abinitio authorization Gateway

08 Aug 2024, 20:35

Type Values Removed Values Added
CWE CWE-94
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.3

08 Aug 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-08 18:15

Updated : 2024-08-29 14:29


NVD link : CVE-2024-37382

Mitre link : CVE-2024-37382

CVE.ORG link : CVE-2024-37382


JSON object : View

Products Affected

abinitio

  • authorization_gateway
  • metadata_hub
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')