All the vulnerabilites related to RTI - Connext Professional
cve-2024-52060
Vulnerability from cvelistv5
Published
2024-12-13 10:19
Modified
2024-12-13 10:19
Severity ?
EPSS score ?
Summary
Potential stack overflow when using XML configuration file referencing environment variables
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | RTI | Connext Professional |
Version: 7.0.0 < 7.3.0.5 Version: 6.1.0 < 6.1.2.21 Version: 6.0.0 < 6.0.1.40 Version: 5.3.0 < 5.3.1.45 |
|
|
|||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Routing Service",
"Recording Service",
"Queuing Service",
"Observability Collector Service",
"Cloud Discovery Service"
],
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.3.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.2.21",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "6.0.1.40",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThan": "5.3.1.45",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-12-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service, Cloud Discovery Service) allows Buffer Overflow via Environment Variables.\u003cp\u003eThis issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.1.45.\u003c/p\u003e"
}
],
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service, Cloud Discovery Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.1.45."
}
],
"impacts": [
{
"capecId": "CAPEC-10",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-10 Buffer Overflow via Environment Variables"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T10:19:22.641Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2024-52060"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential stack overflow when using XML configuration file referencing environment variables",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2024-52060",
"datePublished": "2024-12-13T10:19:22.641Z",
"dateReserved": "2024-11-05T19:04:16.675Z",
"dateUpdated": "2024-12-13T10:19:22.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-52057
Vulnerability from cvelistv5
Published
2024-12-13 10:12
Modified
2024-12-13 10:12
Severity ?
EPSS score ?
Summary
Potential arbitrary SQL query execution in Queuing Service while parsing malicious remote commands or configuration files
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | RTI | Connext Professional |
Version: 7.0.0 < 7.3.0 Version: 6.1.0 < 6.1.2.17 Version: 6.0.0 < 6.0.* Version: 5.2.0 < 5.3.* |
|
|
|||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Queuing Service"
],
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.3.0",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.2.17",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "6.0.*",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThan": "5.3.*",
"status": "affected",
"version": "5.2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-12-12T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in RTI Connext Professional (Queuing Service) allows SQL Injection.\u003cp\u003eThis issue affects Connext Professional: from 7.0.0 before 7.3.0, from 6.1.0 before 6.1.2.17, from 6.0.0 before 6.0.*, from 5.2.0 before 5.3.*.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in RTI Connext Professional (Queuing Service) allows SQL Injection.This issue affects Connext Professional: from 7.0.0 before 7.3.0, from 6.1.0 before 6.1.2.17, from 6.0.0 before 6.0.*, from 5.2.0 before 5.3.*."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T10:12:32.502Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2024-52057"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential arbitrary SQL query execution in Queuing Service while parsing malicious remote commands or configuration files",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2024-52057",
"datePublished": "2024-12-13T10:12:32.502Z",
"dateReserved": "2024-11-05T19:04:16.675Z",
"dateUpdated": "2024-12-13T10:12:32.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-52062
Vulnerability from cvelistv5
Published
2024-12-13 10:20
Modified
2024-12-13 10:20
Severity ?
EPSS score ?
Summary
Potential stack buffer write overflow in Connext applications while parsing malicious XML types document
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | RTI | Connext Professional |
Version: 7.0.0 < 7.3.0.5 Version: 6.1.0 < 6.1.2.21 Version: 6.0.0 < 6.0.1.40 Version: 5.0.0 < 5.3.1.45 |
|
|
|||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Core Libraries"
],
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.3.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.2.21",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "6.0.1.40",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThan": "5.3.1.45",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-12-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.\u003cp\u003eThis issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.\u003c/p\u003e"
}
],
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45."
}
],
"impacts": [
{
"capecId": "CAPEC-46",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-46 Overflow Variables and Tags"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T10:20:49.069Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2024-52062"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential stack buffer write overflow in Connext applications while parsing malicious XML types document",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2024-52062",
"datePublished": "2024-12-13T10:20:49.069Z",
"dateReserved": "2024-11-05T19:04:16.675Z",
"dateUpdated": "2024-12-13T10:20:49.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-52059
Vulnerability from cvelistv5
Published
2024-12-13 10:18
Modified
2024-12-13 10:18
Severity ?
EPSS score ?
Summary
Potential heap buffer overflow in Security Plugins while creating a DomainParticipant that uses a malformed Identity Certificate
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | RTI | Connext Professional |
Version: 7.0.0 < 7.3.0.2 Version: 6.1.0 < 6.1.2.17 |
|
|
|||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Security Plugins"
],
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.3.0.2",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.2.17",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-12-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Security Plugins) allows Overflow Variables and Tags.\u003cp\u003eThis issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.17.\u003c/p\u003e"
}
],
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Security Plugins) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.17."
}
],
"impacts": [
{
"capecId": "CAPEC-46",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-46 Overflow Variables and Tags"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T10:18:35.943Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2024-52059"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential heap buffer overflow in Security Plugins while creating a DomainParticipant that uses a malformed Identity Certificate",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2024-52059",
"datePublished": "2024-12-13T10:18:35.943Z",
"dateReserved": "2024-11-05T19:04:16.675Z",
"dateUpdated": "2024-12-13T10:18:35.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-52066
Vulnerability from cvelistv5
Published
2024-12-13 10:23
Modified
2024-12-13 10:23
Severity ?
EPSS score ?
Summary
Potential stack corruption in Routing Service when using a malicious XML configuration document
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | RTI | Connext Professional |
Version: 7.4.0 < 7.5.0 Version: 7.0.0 < 7.3.0.5 Version: 6.1.0 < 6.1.2.21 Version: 6.0.0 < 6.0.1.40 |
|
|
|||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Routing Service"
],
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.5.0",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
},
{
"lessThan": "7.3.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.2.21",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "6.0.1.40",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-12-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Routing Service) allows Overflow Variables and Tags.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40.\u003c/p\u003e"
}
],
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40."
}
],
"impacts": [
{
"capecId": "CAPEC-46",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-46 Overflow Variables and Tags"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T10:23:18.645Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2024-52066"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential stack corruption in Routing Service when using a malicious XML configuration document",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2024-52066",
"datePublished": "2024-12-13T10:23:18.645Z",
"dateReserved": "2024-11-05T19:04:16.676Z",
"dateUpdated": "2024-12-13T10:23:18.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-52063
Vulnerability from cvelistv5
Published
2024-12-13 10:21
Modified
2024-12-13 10:21
Severity ?
EPSS score ?
Summary
Potential stack buffer write overflow in Connext applications while parsing malicious XML types document
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | RTI | Connext Professional |
Version: 7.0.0 < 7.3.0.5 Version: 6.1.0 < 6.1.2.21 Version: 6.0.0 < 6.0.1.40 Version: 5.0.0 < 5.3.1.45 |
|
|
|||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Core Libraries",
"Routing Service"
],
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.3.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.2.21",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "6.0.1.40",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThan": "5.3.1.45",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-12-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Core Libraries, Routing Service) allows Overflow Variables and Tags.\u003cp\u003eThis issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.\u003c/p\u003e"
}
],
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Core Libraries, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45."
}
],
"impacts": [
{
"capecId": "CAPEC-46",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-46 Overflow Variables and Tags"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T10:21:25.292Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2024-52063"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential stack buffer write overflow in Connext applications while parsing malicious XML types document",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2024-52063",
"datePublished": "2024-12-13T10:21:25.292Z",
"dateReserved": "2024-11-05T19:04:16.676Z",
"dateUpdated": "2024-12-13T10:21:25.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-52064
Vulnerability from cvelistv5
Published
2024-12-13 10:21
Modified
2024-12-13 10:21
Severity ?
EPSS score ?
Summary
Potential stack buffer write overflow in Connext applications while parsing malicious license file
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | RTI | Connext Professional |
Version: 7.0.0 < 7.3.0.2 Version: 6.1.0 < 6.1.2.21 Version: 6.0.0 < 6.0.1.40 Version: 5.0.0 < 5.3.1.45 |
|
|
|||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Core Libraries"
],
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.3.0.2",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.2.21",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "6.0.1.40",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThan": "5.3.1.45",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-12-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.\u003cp\u003eThis issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.\u003c/p\u003e"
}
],
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45."
}
],
"impacts": [
{
"capecId": "CAPEC-46",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-46 Overflow Variables and Tags"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T10:21:58.790Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2024-52064"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential stack buffer write overflow in Connext applications while parsing malicious license file",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2024-52064",
"datePublished": "2024-12-13T10:21:58.790Z",
"dateReserved": "2024-11-05T19:04:16.676Z",
"dateUpdated": "2024-12-13T10:21:58.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-52061
Vulnerability from cvelistv5
Published
2024-12-13 10:20
Modified
2024-12-13 10:20
Severity ?
EPSS score ?
Summary
Potential stack buffer overflow when parsing an XML type
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | RTI | Connext Professional |
Version: 7.4.0 < 7.5.0 Version: 7.0.0 < 7.3.0.5 Version: 6.1.0 < 6.1.2.21 Version: 6.0.0 < 6.0.1.40 Version: 5.0.0 < 5.3.1.45 |
|
|
|||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Core Libraries",
"Queuing Service",
"Recording Service",
"Routing Service"
],
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.5.0",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
},
{
"lessThan": "7.3.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.2.21",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "6.0.1.40",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThan": "5.3.1.45",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-12-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.\u003c/p\u003e"
}
],
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45."
}
],
"impacts": [
{
"capecId": "CAPEC-46",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-46 Overflow Variables and Tags"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T10:20:13.392Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2024-52061"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential stack buffer overflow when parsing an XML type",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2024-52061",
"datePublished": "2024-12-13T10:20:13.392Z",
"dateReserved": "2024-11-05T19:04:16.675Z",
"dateUpdated": "2024-12-13T10:20:13.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-52058
Vulnerability from cvelistv5
Published
2024-12-13 10:17
Modified
2024-12-13 10:17
Severity ?
EPSS score ?
Summary
Potential arbitrary command execution in System Designer while parsing malicious HTTP/REST requests
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | RTI | Connext Professional |
Version: 7.0.0 < 7.3.0.2 Version: 6.1.0 < 6.1.2.19 |
|
|
|||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"System Designer"
],
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.3.0.2",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.2.19",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-12-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in RTI Connext Professional (System Designer) allows OS Command Injection.\u003cp\u003eThis issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.19.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in RTI Connext Professional (System Designer) allows OS Command Injection.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.19."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T10:17:25.490Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2024-52058"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential arbitrary command execution in System Designer while parsing malicious HTTP/REST requests",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2024-52058",
"datePublished": "2024-12-13T10:17:25.490Z",
"dateReserved": "2024-11-05T19:04:16.675Z",
"dateUpdated": "2024-12-13T10:17:25.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-52065
Vulnerability from cvelistv5
Published
2024-12-13 10:22
Modified
2024-12-13 10:22
Severity ?
EPSS score ?
Summary
Potential stack buffer write overflow in Persistence Service while parsing malicious environment variable on non-Windows systems
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | RTI | Connext Professional |
Version: 7.0.0 < 7.3.0.2 Version: 6.1.1.2 < 6.1.2.21 Version: 5.3.1.40 < 5.3.1.41 |
|
|
|||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Persistence Service"
],
"platforms": [
"non-Windows"
],
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.3.0.2",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.2.21",
"status": "affected",
"version": "6.1.1.2",
"versionType": "custom"
},
{
"lessThan": "5.3.1.41",
"status": "affected",
"version": "5.3.1.40",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-12-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.\u003cp\u003eThis issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41.\u003c/p\u003e"
}
],
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41."
}
],
"impacts": [
{
"capecId": "CAPEC-10",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-10 Buffer Overflow via Environment Variables"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T10:22:34.728Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2024-52065"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential stack buffer write overflow in Persistence Service while parsing malicious environment variable on non-Windows systems",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2024-52065",
"datePublished": "2024-12-13T10:22:34.728Z",
"dateReserved": "2024-11-05T19:04:16.676Z",
"dateUpdated": "2024-12-13T10:22:34.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}