Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

CVE-2024-12652 (GCVE-0-2024-12652)

Vulnerability from cvelistv5 – Published: 2024-12-26 04:05 – Updated: 2024-12-26 17:39

Summary

A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script function in SmartRobot′s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code.

Severity ?

9.3 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

ZUSO ART

References

URL

Tags

https://zuso.ai/advisory/za-2024-13

third-party-advisory

Impacted products

	Vendor	Product	Version
	Intumit	SmartRobot′s Conversational AI Platform	Affected: 0 , < v7.2.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12652",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-26T17:38:22.320001Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-26T17:39:54.645Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "SmartRobot\u2032s Conversational AI Platform",
          "vendor": "Intumit",
          "versions": [
            {
              "lessThan": "v7.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-12-26T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in groovy script function in SmartRobot\u2032s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code."
            }
          ],
          "value": "A Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in groovy script function in SmartRobot\u2032s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-26T04:05:16.468Z",
        "orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
        "shortName": "ZUSO ART"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://zuso.ai/advisory/za-2024-13"
        }
      ],
      "source": {
        "defect": [
          "za-2024-13"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Intumit SmartRobot\u2032s Conversational AI Platform - Improper Control of Generation of Code (\u0027Code Injection\u0027)",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
    "assignerShortName": "ZUSO ART",
    "cveId": "CVE-2024-12652",
    "datePublished": "2024-12-26T04:05:16.468Z",
    "dateReserved": "2024-12-16T08:11:02.700Z",
    "dateUpdated": "2024-12-26T17:39:54.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12652 (GCVE-0-2024-12652)

Vulnerability from nvd – Published: 2024-12-26 04:05 – Updated: 2024-12-26 17:39

Summary

A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script function in SmartRobot′s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code.

Severity ?

9.3 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

ZUSO ART

References

URL

Tags

https://zuso.ai/advisory/za-2024-13

third-party-advisory

Impacted products

	Vendor	Product	Version
	Intumit	SmartRobot′s Conversational AI Platform	Affected: 0 , < v7.2.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12652",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-26T17:38:22.320001Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-26T17:39:54.645Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "SmartRobot\u2032s Conversational AI Platform",
          "vendor": "Intumit",
          "versions": [
            {
              "lessThan": "v7.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-12-26T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in groovy script function in SmartRobot\u2032s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code."
            }
          ],
          "value": "A Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in groovy script function in SmartRobot\u2032s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-26T04:05:16.468Z",
        "orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
        "shortName": "ZUSO ART"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://zuso.ai/advisory/za-2024-13"
        }
      ],
      "source": {
        "defect": [
          "za-2024-13"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Intumit SmartRobot\u2032s Conversational AI Platform - Improper Control of Generation of Code (\u0027Code Injection\u0027)",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
    "assignerShortName": "ZUSO ART",
    "cveId": "CVE-2024-12652",
    "datePublished": "2024-12-26T04:05:16.468Z",
    "dateReserved": "2024-12-16T08:11:02.700Z",
    "dateUpdated": "2024-12-26T17:39:54.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

2 vulnerabilities found for SmartRobot′s Conversational AI Platform by Intumit

CVE-2024-12652 (GCVE-0-2024-12652)

CVE-2024-12652 (GCVE-0-2024-12652)