CVE-2024-3781

OS Command Injection vulnerability in WBSAirback

Severity Score

9.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Command injection vulnerability in the operating system. Improper neutralisation of special elements in Active Directory integration allows the intended command to be modified when sent to a downstream component in WBSAirback 21.02.04.

Vulnerabilidad de inyección de comandos en el sistema operativo. La neutralización inadecuada de elementos especiales en la integración de Active Directory permite modificar el comando deseado cuando se envía a un componente posterior en WBSAirback 21.02.04.

*Credits: Sergio González González

CVSS Scores

INCIBEv3.1 9.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-04-15 CVE Reserved
2024-04-15 CVE Published
2024-04-16 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CAPEC

References (1)

URL	Tag	Source
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
WBSAirback Search vendor "WBSAirback"		White Bear Solutions Search vendor "WBSAirback" for product "White Bear Solutions"				21.02.04 Search vendor "WBSAirback" for product "White Bear Solutions" and version "21.02.04"		en		Affected