CVE-2024-37382

An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:abinitio:authorization_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.1.5.10:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.1.6.11:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:*

History

29 Aug 2024, 14:29

Type Values Removed Values Added
Summary
  • (es) Un problema descubierto en la función de importación de host en Ab Initio Metadata Hub y Authorization Gateway anteriores a 4.3.1.1 permite a los atacantes ejecutar código arbitrario mediante modificaciones manipuladas de la configuración del servidor.
CVSS v2 : unknown
v3 : 6.3
v2 : unknown
v3 : 7.2
First Time Abinitio metadata Hub
Abinitio
Abinitio authorization Gateway
References () https://www.abinitio.com/en/security-advisories/ab-2024-003/ - () https://www.abinitio.com/en/security-advisories/ab-2024-003/ - Vendor Advisory
CPE cpe:2.3:a:abinitio:authorization_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.1.5.10:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.1.6.11:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:authorization_gateway:4.2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:*

08 Aug 2024, 20:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.3
CWE CWE-94

08 Aug 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-08 18:15

Updated : 2024-08-29 14:29


NVD link : CVE-2024-37382

Mitre link : CVE-2024-37382

CVE.ORG link : CVE-2024-37382


JSON object : View

Products Affected

abinitio

  • authorization_gateway
  • metadata_hub
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')