{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-12652","assignerOrgId":"256c161b-b921-402b-8c3b-c6c9c14d5d88","state":"PUBLISHED","assignerShortName":"ZUSO ART","dateReserved":"2024-12-16T08:11:02.700Z","datePublished":"2024-12-26T04:05:16.468Z","dateUpdated":"2024-12-26T17:39:54.645Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","product":"SmartRobot′s Conversational AI Platform","vendor":"Intumit","versions":[{"lessThan":"v7.2.0","status":"affected","version":"0","versionType":"custom"}]}],"datePublic":"2024-12-26T04:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script function in SmartRobot′s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code."}],"value":"A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script function in SmartRobot′s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":9.3,"baseSeverity":"CRITICAL","privilegesRequired":"HIGH","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-94","description":"CWE-94: Improper Control of Generation of Code ('Code Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"256c161b-b921-402b-8c3b-c6c9c14d5d88","shortName":"ZUSO ART","dateUpdated":"2024-12-26T04:05:16.468Z"},"references":[{"tags":["third-party-advisory"],"url":"https://zuso.ai/advisory/za-2024-13"}],"source":{"defect":["za-2024-13"],"discovery":"UNKNOWN"},"title":"Intumit SmartRobot′s Conversational AI Platform - Improper Control of Generation of Code ('Code Injection')","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-26T17:38:22.320001Z","id":"CVE-2024-12652","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-26T17:39:54.645Z"}}]}}