nvd-json-data-feeds/CVE-2024/CVE-2024-126xx/CVE-2024-12652.json

{
  "id": "CVE-2024-12652",
  "sourceIdentifier": "ART@zuso.ai",
  "published": "2024-12-26T04:15:05.660",
  "lastModified": "2024-12-26T04:15:05.660",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script function in SmartRobot\u2032s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de control inadecuado de la generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\") en SmartRobot?s Conversational AI Platform anterior a v7.2.0 permite a usuarios remotos autenticados realizar comandos arbitrarios del sistema a trav\u00e9s de c\u00f3digo Groovy."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "ART@zuso.ai",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "baseScore": 9.3,
          "baseSeverity": "CRITICAL",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "LOW",
          "subIntegrityImpact": "LOW",
          "subAvailabilityImpact": "HIGH",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirement": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "availabilityRequirement": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED"
        }
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ART@zuso.ai",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://zuso.ai/advisory/za-2024-13",
      "source": "ART@zuso.ai"
    }
  ]
}