CVE-2024-3781

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-3781
Command injection vulnerability in the operating system. Improper neutralisation of special elements in Active Directory integration allows the intended command to be modified when sent to a downstream component in WBSAirback 21.02.04.

9.1 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:whitebearsolutions:wbsairback:21.02.04:*:*:*:*:*:*:*
History

27 Feb 2025, 15:34

Type Values Removed Values Added
CPE cpe:2.3:a:whitebearsolutions:wbsairback:21.02.04:*:*:*:*:*:*:*
References () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions - () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions - Third Party Advisory
First Time Whitebearsolutions wbsairback
Whitebearsolutions

21 Nov 2024, 09:30

Type Values Removed Values Added
References () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions - () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions -

15 Apr 2024, 19:12

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de inyección de comandos en el sistema operativo. La neutralización inadecuada de elementos especiales en la integración de Active Directory permite modificar el comando deseado cuando se envía a un componente posterior en WBSAirback 21.02.04.

15 Apr 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-15 14:15

Updated : 2025-02-27 15:34

NVD link : CVE-2024-3781

Mitre link : CVE-2024-3781

CVE.ORG link : CVE-2024-3781

JSON object : View

Products Affected

whitebearsolutions

  • wbsairback
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')