{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1032", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-01-29T14:09:30.900Z", "datePublished": "2024-01-30T13:31:05.697Z", "dateUpdated": "2024-08-27T20:30:58.534Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-02-09T19:12:55.460Z"}, "title": "openBI Test Connection Databasesource.php testConnection deserialization", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-502", "lang": "en", "description": "CWE-502 Deserialization"}]}], "affected": [{"vendor": "n/a", "product": "openBI", "versions": [{"version": "1.0.0", "status": "affected"}, {"version": "1.0.1", "status": "affected"}, {"version": "1.0.2", "status": "affected"}, {"version": "1.0.3", "status": "affected"}, {"version": "1.0.4", "status": "affected"}, {"version": "1.0.5", "status": "affected"}, {"version": "1.0.6", "status": "affected"}, {"version": "1.0.7", "status": "affected"}, {"version": "1.0.8", "status": "affected"}], "modules": ["Test Connection Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in openBI up to 1.0.8. Affected by this vulnerability is the function testConnection of the file /application/index/controller/Databasesource.php of the component Test Connection Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252307."}, {"lang": "de", "value": "In openBI bis 1.0.8 wurde eine kritische Schwachstelle entdeckt. Betroffen ist die Funktion testConnection der Datei /application/index/controller/Databasesource.php der Komponente Test Connection Handler. Dank der Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "timeline": [{"time": "2024-01-29T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-01-29T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-01-29T15:14:56.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "glzjin (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.252307", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.252307", "tags": ["signature", "permissions-required"]}, {"url": "https://note.zhaoj.in/share/6ISYe2urjlkI", "tags": ["broken-link", "exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.432Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.252307", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.252307", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://note.zhaoj.in/share/6ISYe2urjlkI", "tags": ["broken-link", "exploit", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-06T19:20:43.829701Z", "id": "CVE-2024-1032", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-27T20:30:58.534Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.252307", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.252307", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://note.zhaoj.in/share/6ISYe2urjlkI", "tags": ["broken-link", "exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.432Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1032", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-06T19:20:43.829701Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-27T20:30:53.400Z"}}], "cna": {"title": "openBI Test Connection Databasesource.php testConnection deserialization", "credits": [{"lang": "en", "type": "reporter", "value": "glzjin (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "affected": [{"vendor": "n/a", "modules": ["Test Connection Handler"], "product": "openBI", "versions": [{"status": "affected", "version": "1.0.0"}, {"status": "affected", "version": "1.0.1"}, {"status": "affected", "version": "1.0.2"}, {"status": "affected", "version": "1.0.3"}, {"status": "affected", "version": "1.0.4"}, {"status": "affected", "version": "1.0.5"}, {"status": "affected", "version": "1.0.6"}, {"status": "affected", "version": "1.0.7"}, {"status": "affected", "version": "1.0.8"}]}], "timeline": [{"lang": "en", "time": "2024-01-29T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-01-29T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-01-29T15:14:56.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.252307", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.252307", "tags": ["signature", "permissions-required"]}, {"url": "https://note.zhaoj.in/share/6ISYe2urjlkI", "tags": ["broken-link", "exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in openBI up to 1.0.8. Affected by this vulnerability is the function testConnection of the file /application/index/controller/Databasesource.php of the component Test Connection Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252307."}, {"lang": "de", "value": "In openBI bis 1.0.8 wurde eine kritische Schwachstelle entdeckt. Betroffen ist die Funktion testConnection der Datei /application/index/controller/Databasesource.php der Komponente Test Connection Handler. Dank der Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-02-09T19:12:55.460Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1032", "state": "PUBLISHED", "dateUpdated": "2024-08-27T20:30:58.534Z", "dateReserved": "2024-01-29T14:09:30.900Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-01-30T13:31:05.697Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbi_project:openbi:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D40C68D-DE97-41EC-AFF0-76E4EBCE8D51", "versionEndIncluding": "1.0.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in openBI up to 1.0.8. Affected by this vulnerability is the function testConnection of the file /application/index/controller/Databasesource.php of the component Test Connection Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252307."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en openBI hasta 1.0.8 y clasificada como cr\u00edtica. La funci\u00f3n testConnection del archivo /application/index/controller/Databasesource.php del componente Test Connection Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la deserializaci\u00f3n. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-252307."}], "id": "CVE-2024-1032", "lastModified": "2024-11-21T08:49:38.587", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-30T14:15:47.577", "references": [{"source": "cna@vuldb.com", "tags": ["Broken Link"], "url": "https://note.zhaoj.in/share/6ISYe2urjlkI"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.252307"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?id.252307"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://note.zhaoj.in/share/6ISYe2urjlkI"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.252307"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://vuldb.com/?id.252307"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{}