{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-4326","assignerOrgId":"b1336bef-059d-4e13-b11b-9a6ef21b3c78","state":"PUBLISHED","assignerShortName":"Zowe","dateReserved":"2023-02-22T15:14:11.344Z","datePublished":"2023-02-22T15:21:06.657Z","dateUpdated":"2024-08-03T17:23:10.539Z"},"containers":{"cna":{"title":"Imperative Local Command Injection allows Activity Masking","affected":[{"vendor":"Open Mainframe Project","product":"Zowe","versions":[{"version":"1.16.0","status":"affected","lessThan":"1.28.2","versionType":"semver"},{"version":"2.0.0","status":"affected","lessThan":"2.5.0","versionType":"semver"}]}],"descriptions":[{"lang":"en","value":"A vulnerability in the Imperative framework allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands or maliciously formed environment variables. This impacts Zowe CLI."}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"baseScore":3.3,"baseSeverity":"LOW","version":"3.1","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C/CR:L/IR:X/AR:X/MAV:L/MAC:L/MPR:L/MUI:N/MS:U/MC:L/MI:X/MA:X"}}],"solutions":[{"lang":"en","value":"This issue is fixed in Zowe 1.28.2 or later, and Zowe 2.5.0 or later."}],"exploits":[{"lang":"en","value":"There are no known exploits of this issue."}],"credits":[{"lang":"en","value":"Andrew Harn","type":"finder"},{"lang":"en","value":"SonarCloud","type":"tool"}],"providerMetadata":{"orgId":"b1336bef-059d-4e13-b11b-9a6ef21b3c78","shortName":"Zowe","dateUpdated":"2023-03-01T05:44:22.188Z"},"references":[{"tags":["product"],"url":"https://github.com/zowe/imperative/"}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T17:23:10.539Z"},"title":"CVE Program Container","references":[{"tags":["product","x_transferred"],"url":"https://github.com/zowe/imperative/"}]}]}}