{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6644", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-07-10T10:06:55.612Z", "datePublished": "2024-07-10T16:31:04.565Z", "dateUpdated": "2024-08-01T21:41:04.313Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-07-10T16:31:04.565Z"}, "title": "zmops ArgusDBM AviatorScript CalculateAlarm.java getDefaultClassLoader deserialization", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-502", "lang": "en", "description": "CWE-502 Deserialization"}]}], "affected": [{"vendor": "zmops", "product": "ArgusDBM", "versions": [{"version": "0.1", "status": "affected"}], "modules": ["AviatorScript Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in zmops ArgusDBM up to 0.1.0. It has been classified as critical. Affected is the function getDefaultClassLoader of the file CalculateAlarm.java of the component AviatorScript Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-271050 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "Es wurde eine kritische Schwachstelle in zmops ArgusDBM bis 0.1.0 ausgemacht. Es betrifft die Funktion getDefaultClassLoader der Datei CalculateAlarm.java der Komponente AviatorScript Handler. Durch Beeinflussen mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2024-07-10T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-07-10T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-07-10T12:12:41.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "aftersnow (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.271050", "name": "VDB-271050 | zmops ArgusDBM AviatorScript CalculateAlarm.java getDefaultClassLoader deserialization", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.271050", "name": "VDB-271050 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.367347", "name": "Submit #367347 | Zmops ArgusDBM <=0.1.0 AviatorScript Inject RCE", "tags": ["third-party-advisory"]}, {"url": "https://github.com/zmops/ArgusDBM/issues/64", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"affected": [{"vendor": "zmops", "product": "argusdbm", "cpes": ["cpe:2.3:a:zmops:argusdbm:0.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0.1", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-10T19:46:49.016873Z", "id": "CVE-2024-6644", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-10T20:56:21.180Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:41:04.313Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.271050", "name": "VDB-271050 | zmops ArgusDBM AviatorScript CalculateAlarm.java getDefaultClassLoader deserialization", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.271050", "name": "VDB-271050 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.367347", "name": "Submit #367347 | Zmops ArgusDBM <=0.1.0 AviatorScript Inject RCE", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://github.com/zmops/ArgusDBM/issues/64", "tags": ["exploit", "issue-tracking", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.271050", "name": "VDB-271050 | zmops ArgusDBM AviatorScript CalculateAlarm.java getDefaultClassLoader deserialization", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.271050", "name": "VDB-271050 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.367347", "name": "Submit #367347 | Zmops ArgusDBM <=0.1.0 AviatorScript Inject RCE", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://github.com/zmops/ArgusDBM/issues/64", "tags": ["exploit", "issue-tracking", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:41:04.313Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6644", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-10T19:46:49.016873Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:zmops:argusdbm:0.1:*:*:*:*:*:*:*"], "vendor": "zmops", "product": "argusdbm", "versions": [{"status": "affected", "version": "0.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-10T19:52:17.964Z"}}], "cna": {"title": "zmops ArgusDBM AviatorScript CalculateAlarm.java getDefaultClassLoader deserialization", "credits": [{"lang": "en", "type": "reporter", "value": "aftersnow (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "affected": [{"vendor": "zmops", "modules": ["AviatorScript Handler"], "product": "ArgusDBM", "versions": [{"status": "affected", "version": "0.1"}]}], "timeline": [{"lang": "en", "time": "2024-07-10T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-07-10T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-07-10T12:12:41.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.271050", "name": "VDB-271050 | zmops ArgusDBM AviatorScript CalculateAlarm.java getDefaultClassLoader deserialization", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.271050", "name": "VDB-271050 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.367347", "name": "Submit #367347 | Zmops ArgusDBM <=0.1.0 AviatorScript Inject RCE", "tags": ["third-party-advisory"]}, {"url": "https://github.com/zmops/ArgusDBM/issues/64", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in zmops ArgusDBM up to 0.1.0. It has been classified as critical. Affected is the function getDefaultClassLoader of the file CalculateAlarm.java of the component AviatorScript Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-271050 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "Es wurde eine kritische Schwachstelle in zmops ArgusDBM bis 0.1.0 ausgemacht. Es betrifft die Funktion getDefaultClassLoader der Datei CalculateAlarm.java der Komponente AviatorScript Handler. Durch Beeinflussen mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-07-10T16:31:04.565Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6644", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:41:04.313Z", "dateReserved": "2024-07-10T10:06:55.612Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-07-10T16:31:04.565Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in zmops ArgusDBM up to 0.1.0. It has been classified as critical. Affected is the function getDefaultClassLoader of the file CalculateAlarm.java of the component AviatorScript Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-271050 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en zmops ArgusDBM hasta 0.1.0. Ha sido clasificada como cr\u00edtica. La funci\u00f3n getDefaultClassLoader del archivo CalculateAlarm.java del componente AviatorScript Handler es afectada por la vulnerabilidad. La manipulaci\u00f3n conduce a la deserializaci\u00f3n. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-271050 es el identificador asignado a esta vulnerabilidad."}], "id": "CVE-2024-6644", "lastModified": "2024-07-11T13:05:54.930", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "LOW"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-07-10T17:15:12.980", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/zmops/ArgusDBM/issues/64"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.271050"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.271050"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.367347"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}