Anomali Match before 4.6.2 allows OS Command Injection. An authenticated admin user can inject and execute operating system commands. This arises from improper handling of untrusted input, enabling an attacker to elevate privileges, execute system commands, and potentially compromise the underlying operating system. The fixed versions are 4.4.5, 4.5.4, and 4.6.2. The earliest affected version is 4.3.
References
Link | Resource |
---|---|
https://www.anomali.com/collaborate/ciso-blog | Product |
https://www.anomali.com/security-advisory/anml-2023-01 | Mitigation Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2024-01-19T00:00:00
Updated: 2024-01-19T20:28:02.855335
Reserved: 2023-11-27T00:00:00
Link: CVE-2023-49329
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-19T21:15:08.320
Modified: 2024-01-26T19:01:44.507
Link: CVE-2023-49329
JSON object: View
Redhat Information
No data.
CWE