CVE-2023-49329
CVE-2023-49329 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. Anomali Match before 4.6.2 allows OS Command Injection. An authenticated admin user can inject and execute operating system commands. EPSS estimates a 1.27% chance of exploitation in the next 30 days.
Description
Anomali Match before 4.6.2 allows OS Command Injection. An authenticated admin user can inject and execute operating system commands. This arises from improper handling of untrusted input, enabling an attacker to elevate privileges, execute system commands, and potentially compromise the underlying operating system. The fixed versions are 4.4.5, 4.5.4, and 4.6.2. The earliest affected version is 4.3.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Anomali | Match | >= 4.3, < 4.4.5 |
| Anomali | Match | >= 4.5.0, < 4.5.4 |
| Anomali | Match | >= 4.6.0, < 4.6.2 |
References
- https://www.anomali.com/security-advisory/anml-2023-01 (Mitigation, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
