An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1.3-p12, allows an attacker with network access to execute arbitrary code.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 30 Aug 2024 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Rubrik cloud Data Management
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:a:rubrik:cloud_data_management:*:*:*:*:*:*:*:*
cpe:2.3:a:rubrik:cloud_data_management:8.1.3:-:*:*:*:*:*:*
cpe:2.3:a:rubrik:cloud_data_management:8.1.3:p1:*:*:*:*:*:*
cpe:2.3:a:rubrik:cloud_data_management:8.1.3:p2:*:*:*:*:*:*
cpe:2.3:a:rubrik:cloud_data_management:8.1.3:p3:*:*:*:*:*:*
cpe:2.3:a:rubrik:cloud_data_management:8.1.3:p4:*:*:*:*:*:*
cpe:2.3:a:rubrik:cloud_data_management:8.1.3:p5:*:*:*:*:*:*
cpe:2.3:a:rubrik:cloud_data_management:9.0.3:-:*:*:*:*:*:*
cpe:2.3:a:rubrik:cloud_data_management:9.1.2:-:*:*:*:*:*:*
Vendors & Products Rubrik cloud Data Management

Tue, 27 Aug 2024 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Rubrik
Rubrik cdm
Weaknesses CWE-284
CPEs cpe:2.3:a:rubrik:cdm:*:*:*:*:*:*:*:*
Vendors & Products Rubrik
Rubrik cdm
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 27 Aug 2024 17:45:00 +0000

Type Values Removed Values Added
Description An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1.3-p12, allows an attacker with network access to execute arbitrary code.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-27T18:47:18.390Z

Reserved: 2024-05-19T00:00:00

Link: CVE-2024-36068

cve-icon Vulnrichment

Updated: 2024-08-27T18:46:12.607Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-27T18:15:14.427

Modified: 2024-09-05T20:27:19.640

Link: CVE-2024-36068

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.