CVE-2024-12652
Severity CVSS v4.0:
CRITICAL
Type:
CWE-94
Code Injection
Publication date:
26/12/2024
Last modified:
26/12/2024
Description
A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script function in SmartRobot′s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code.
Impact
Base Score 4.0
9.30
Severity 4.0
CRITICAL