An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration.
References
| Link | Resource |
|---|---|
| https://www.abinitio.com/en/security-advisories/ab-2024-003/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
29 Aug 2024, 14:29
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Abinitio
Abinitio metadata Hub Abinitio authorization Gateway |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
| CWE | CWE-94 | |
| References | () https://www.abinitio.com/en/security-advisories/ab-2024-003/ - Vendor Advisory | |
| CPE | cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:* cpe:2.3:a:abinitio:authorization_gateway:*:*:*:*:*:*:*:* cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:* cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:* cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:* cpe:2.3:a:abinitio:authorization_gateway:4.1.6.11:*:*:*:*:*:*:* cpe:2.3:a:abinitio:authorization_gateway:4.1.5.10:*:*:*:*:*:*:* cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:* cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:* cpe:2.3:a:abinitio:authorization_gateway:4.3.1.0:*:*:*:*:*:*:* cpe:2.3:a:abinitio:authorization_gateway:4.2.3.4:*:*:*:*:*:*:* cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:* cpe:2.3:a:abinitio:authorization_gateway:4.2.2.8:*:*:*:*:*:*:* cpe:2.3:a:abinitio:authorization_gateway:4.2.1.6:*:*:*:*:*:*:* |
08 Aug 2024, 18:55
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-08-08 18:15
Updated : 2024-08-29 14:29
NVD link : CVE-2024-37382
Mitre link : CVE-2024-37382
JSON object : View
Products Affected
abinitio
- authorization_gateway
- metadata_hub
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')