CVE-2024-37382
Severity CVSS v4.0:
Pending analysis
Type:
CWE-94
Code Injection
Publication date:
08/08/2024
Last modified:
29/08/2024
Description
An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration.
Impact
Base Score 3.x
7.20
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:abinitio:authorization_gateway:*:*:*:*:*:*:*:* | 4.1.4.9 (excluding) | |
| cpe:2.3:a:abinitio:authorization_gateway:4.1.5.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abinitio:authorization_gateway:4.1.6.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abinitio:authorization_gateway:4.2.1.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abinitio:authorization_gateway:4.2.2.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abinitio:authorization_gateway:4.2.3.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abinitio:authorization_gateway:4.3.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abinitio:metadata_hub:*:*:*:*:*:*:*:* | 4.1.4.9 (excluding) | |
| cpe:2.3:a:abinitio:metadata_hub:4.1.5.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abinitio:metadata_hub:4.1.6.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abinitio:metadata_hub:4.2.1.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abinitio:metadata_hub:4.2.2.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abinitio:metadata_hub:4.2.3.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abinitio:metadata_hub:4.3.1.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page