Vulnerability Description
Anomali Match before 4.6.2 allows OS Command Injection. An authenticated admin user can inject and execute operating system commands. This arises from improper handling of untrusted input, enabling an attacker to elevate privileges, execute system commands, and potentially compromise the underlying operating system. The fixed versions are 4.4.5, 4.5.4, and 4.6.2. The earliest affected version is 4.3.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Anomali | Match | >= 4.3, < 4.4.5 |
Related Weaknesses (CWE)
References
- https://www.anomali.com/collaborate/ciso-blog (Product)
- https://www.anomali.com/security-advisory/anml-2023-01 (Mitigation, Vendor Advisory)
FAQ
What is CVE-2023-49329?
CVE-2023-49329 is a vulnerability with a CVSS score of 7.2 (HIGH). Anomali Match before 4.6.2 allows OS Command Injection. An authenticated admin user can inject and execute operating system commands. This arises from improper handling of untrusted input, enabling an...
How severe is CVE-2023-49329?
CVE-2023-49329 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-49329?
Check the references section above for vendor advisories and patch information. Affected products include: Anomali Match.