Vulnerabilities related to Intumit - SmartRobot′s Conversational AI Platform
CVE-2024-12652 (GCVE-0-2024-12652)
Vulnerability from cvelistv5
Published
2024-12-26 04:05
Modified
2024-12-26 17:39
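Severity: 9.3 CRITICAL (CVSS 4.0, CNA-assigned; vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H — network-reachable, low attack complexity, high privileges required, no user interaction)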
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
An Improper Control of Generation of Code ('Code Injection') vulnerability in the Groovy script function of SmartRobot′s Conversational AI Platform before v7.2.0 allows remote authenticated users to execute arbitrary system commands via Groovy code.
References
| URL | Tags |
|---|---|
| https://zuso.ai/advisory/za-2024-13 | third-party-advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Intumit | SmartRobot′s Conversational AI Platform | 0 < v7.2.0 (affected: all versions before v7.2.0) |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12652", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-26T17:38:22.320001Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-26T17:39:54.645Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "SmartRobot\u2032s Conversational AI Platform", "vendor": "Intumit", "versions": [ { "lessThan": "v7.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "datePublic": "2024-12-26T04:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in groovy script function in SmartRobot\u2032s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code." } ], "value": "A Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in groovy script function in SmartRobot\u2032s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code." 
} ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-26T04:05:16.468Z", "orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88", "shortName": "ZUSO ART" }, "references": [ { "tags": [ "third-party-advisory" ], "url": "https://zuso.ai/advisory/za-2024-13" } ], "source": { "defect": [ "za-2024-13" ], "discovery": "UNKNOWN" }, "title": "Intumit SmartRobot\u2032s Conversational AI Platform - Improper Control of Generation of Code (\u0027Code Injection\u0027)", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88", "assignerShortName": "ZUSO ART", "cveId": "CVE-2024-12652", "datePublished": "2024-12-26T04:05:16.468Z", "dateReserved": "2024-12-16T08:11:02.700Z", "dateUpdated": "2024-12-26T17:39:54.645Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }