CVE-2024-49588 (GCVE-0-2024-49588)

Vulnerability from cvelistv5 – Published: 2024-11-21 19:59 – Updated: 2024-11-27 16:13
VLAI?
Summary
Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections.
Severity ?
6.8 (Medium)
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/MAV:A/MAC:L/MPR:H/MUI:R/MS:U
CWE
  • CWE-89 - The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Assigner
References
Impacted products
Vendor Product Version
Palantir com.palantir.srx.prometheus.sls-oracle-sidecar:sls-oracle-sidecar Affected: * , < 0.544.0 (semver)
Affected: 0.347.0 , < * (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:oracle:oracle-sidecar:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "oracle-sidecar",
            "vendor": "oracle",
            "versions": [
              {
                "lessThan": "0.544.0",
                "status": "affected",
                "version": "0.347.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49588",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T15:36:09.668611Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T16:13:10.426Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "com.palantir.srx.prometheus.sls-oracle-sidecar:sls-oracle-sidecar",
          "vendor": "Palantir",
          "versions": [
            {
              "lessThan": "0.544.0",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0.347.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-66",
          "descriptions": [
            {
              "lang": "en",
              "value": "This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input."
            }
          ]
        },
        {
          "capecId": "CAPEC-108",
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/MAV:A/MAC:L/MPR:H/MUI:R/MS:U",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-21T19:59:45.456Z",
        "orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
        "shortName": "Palantir"
      },
      "references": [
        {
          "url": "https://palantir.safebase.us/?tcuUid=b5724367-8b86-436a-8ef2-4480ec41cc2c"
        },
        {
          "url": "https://cwe.mitre.org/data/definitions/89.html"
        }
      ],
      "source": {
        "defect": [
          "PLTRSEC-2024-46"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Multiple authenticated SQL injections in oracle-sidecar"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
    "assignerShortName": "Palantir",
    "cveId": "CVE-2024-49588",
    "datePublished": "2024-11-21T19:59:45.456Z",
    "dateReserved": "2024-10-16T19:09:45.689Z",
    "dateUpdated": "2024-11-27T16:13:10.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections.\"}, {\"lang\": \"es\", \"value\": \"Se descubri\\u00f3 que varios endpoints en `oracle-sidecar` en las versiones 0.347.0 a 0.543.0 eran vulnerables a inyecciones de SQL.\"}]",
      "id": "CVE-2024-49588",
      "lastModified": "2024-11-21T20:15:42.707",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"cve-coordination@palantir.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 5.9}]}",
      "published": "2024-11-21T20:15:42.707",
      "references": "[{\"url\": \"https://cwe.mitre.org/data/definitions/89.html\", \"source\": \"cve-coordination@palantir.com\"}, {\"url\": \"https://palantir.safebase.us/?tcuUid=b5724367-8b86-436a-8ef2-4480ec41cc2c\", \"source\": \"cve-coordination@palantir.com\"}]",
      "sourceIdentifier": "cve-coordination@palantir.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"cve-coordination@palantir.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-49588\",\"sourceIdentifier\":\"cve-coordination@palantir.com\",\"published\":\"2024-11-21T20:15:42.707\",\"lastModified\":\"2024-11-21T20:15:42.707\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 que varios endpoints en `oracle-sidecar` en las versiones 0.347.0 a 0.543.0 eran vulnerables a inyecciones de SQL.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-coordination@palantir.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"cve-coordination@palantir.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"references\":[{\"url\":\"https://cwe.mitre.org/data/definitions/89.html\",\"source\":\"cve-coordination@palantir.com\"},{\"url\":\"https://palantir.safebase.us/?tcuUid=b5724367-8b86-436a-8ef2-4480ec41cc2c\",\"source\":\"cve-coordination@palantir.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"bbcbe11d-db20-4bc2-8a6e-c79f87041fd4\", \"shortName\": \"Palantir\", \"dateUpdated\": \"2024-11-21T19:59:45.456Z\"}, \"references\": [{\"url\": \"https://palantir.safebase.us/?tcuUid=b5724367-8b86-436a-8ef2-4480ec41cc2c\"}, {\"url\": \"https://cwe.mitre.org/data/definitions/89.html\"}], \"impacts\": [{\"capecId\": \"CAPEC-66\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input.\"}]}, {\"capecId\": \"CAPEC-108\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"baseSeverity\": \"MEDIUM\", \"baseScore\": 6.8, \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/MAV:A/MAC:L/MPR:H/MUI:R/MS:U\", \"version\": \"3.1\"}}], \"source\": {\"defect\": [\"PLTRSEC-2024-46\"], \"discovery\": \"INTERNAL\"}, \"title\": \"Multiple authenticated SQL injections in oracle-sidecar\", \"affected\": [{\"product\": \"com.palantir.srx.prometheus.sls-oracle-sidecar:sls-oracle-sidecar\", \"versions\": [{\"versionType\": \"semver\", \"lessThan\": \"0.544.0\", \"version\": \"*\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"lessThan\": \"*\", \"version\": \"0.347.0\", \"status\": \"affected\"}], \"vendor\": \"Palantir\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections.\"}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-89\", \"description\": \"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.\", \"lang\": \"en\", \"type\": \"CWE\"}]}]}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-49588\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-27T15:36:09.668611Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:oracle:oracle-sidecar:*:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"oracle-sidecar\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.347.0\", \"lessThan\": \"0.544.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-27T16:13:01.870Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-49588\", \"assignerOrgId\": \"bbcbe11d-db20-4bc2-8a6e-c79f87041fd4\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"Palantir\", \"dateReserved\": \"2024-10-16T19:09:45.689Z\", \"datePublished\": \"2024-11-21T19:59:45.456Z\", \"dateUpdated\": \"2024-11-27T16:13:10.426Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.