A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function.
References
History

Wed, 27 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Galaxy Software Services Corporation
Galaxy Software Services Corporation iota C.ai Conversational Platform
CPEs cpe:2.3:a:galaxy_software_services_corporation:iota_c.ai_conversational_platform:*:*:*:*:*:*:*:*
Vendors & Products Galaxy Software Services Corporation
Galaxy Software Services Corporation iota C.ai Conversational Platform
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 27 Nov 2024 05:30:00 +0000

Type Values Removed Values Added
Description A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function.
Title iota C.ai Conversational Platform - Improper Verification of Cryptographic Signature
Weaknesses CWE-347
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ZUSO ART

Published: 2024-11-27T05:22:47.950Z

Updated: 2024-11-27T14:46:28.815Z

Reserved: 2024-11-18T08:24:35.610Z

Link: CVE-2024-52958

cve-icon Vulnrichment

Updated: 2024-11-27T14:46:08.758Z

cve-icon NVD

Status : Received

Published: 2024-11-27T06:15:18.590

Modified: 2024-11-27T06:15:18.590

Link: CVE-2024-52958

cve-icon Redhat

No data.