{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-52958", "assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88", "state": "PUBLISHED", "assignerShortName": "ZUSO ART", "dateReserved": "2024-11-18T08:24:35.610Z", "datePublished": "2024-11-27T05:22:47.950Z", "dateUpdated": "2024-11-27T14:46:28.815Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "iota C.ai Conversational Platform", "vendor": "Galaxy Software Services Corporation", "versions": [{"lessThanOrEqual": "2.1.3", "status": "affected", "version": "1.0.0", "versionType": "custom"}]}], "datePublic": "2024-11-27T04:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function."}], "value": "A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "description": "CWE-347: Improper Verification of Cryptographic Signature", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88", "shortName": "ZUSO ART", "dateUpdated": "2024-11-27T05:22:47.950Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://zuso.ai/advisory/za-2024-11"}], "source": {"defect": ["ZA-2024-11"], "discovery": "UNKNOWN"}, "title": "iota C.ai Conversational Platform - Improper Verification of Cryptographic Signature", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "galaxy_software_services_corporation", "product": "iota_c.ai_conversational_platform", "cpes": ["cpe:2.3:a:galaxy_software_services_corporation:iota_c.ai_conversational_platform:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0.0", "status": "affected", "lessThanOrEqual": "2.1.3", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-27T14:45:10.138270Z", "id": "CVE-2024-52958", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-27T14:46:28.815Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-52958", "assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88", "state": "PUBLISHED", "assignerShortName": "ZUSO ART", "dateReserved": "2024-11-18T08:24:35.610Z", "datePublished": "2024-11-27T05:22:47.950Z", "dateUpdated": "2024-11-27T14:46:28.815Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "iota C.ai Conversational Platform", "vendor": "Galaxy Software Services Corporation", "versions": [{"lessThanOrEqual": "2.1.3", "status": "affected", "version": "1.0.0", "versionType": "custom"}]}], "datePublic": "2024-11-27T04:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function."}], "value": "A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "description": "CWE-347: Improper Verification of Cryptographic Signature", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88", "shortName": "ZUSO ART", "dateUpdated": "2024-11-27T05:22:47.950Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://zuso.ai/advisory/za-2024-11"}], "source": {"defect": ["ZA-2024-11"], "discovery": "UNKNOWN"}, "title": "iota C.ai Conversational Platform - Improper Verification of Cryptographic Signature", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-52958", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-27T14:45:10.138270Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:galaxy_software_services_corporation:iota_c.ai_conversational_platform:*:*:*:*:*:*:*:*"], "vendor": "galaxy_software_services_corporation", "product": "iota_c.ai_conversational_platform", "versions": [{"status": "affected", "version": "1.0.0", "versionType": "custom", "lessThanOrEqual": "2.1.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-27T14:46:08.758Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gss:iota_c.ai:*:*:*:*:*:*:*:*", "matchCriteriaId": "C31D3870-EB20-4CDE-A95C-B9C590FF33A3", "versionEndIncluding": "2.1.3", "versionStartIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function."}, {"lang": "es", "value": "Una verificaci\u00f3n incorrecta de la vulnerabilidad de la firma criptogr\u00e1fica en la gesti\u00f3n de complementos en iota C.ai Conversational Platform desde 1.0.0 hasta 2.1.3 permite que usuarios autenticados remotos carguen una DLL maliciosa a trav\u00e9s de la funci\u00f3n de carga del complemento."}], "id": "CVE-2024-52958", "lastModified": "2026-03-06T18:42:54.940", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ART@zuso.ai", "type": "Secondary"}]}, "published": "2024-11-27T06:15:18.590", "references": [{"source": "ART@zuso.ai", "tags": ["Third Party Advisory"], "url": "https://zuso.ai/advisory/za-2024-11"}], "sourceIdentifier": "ART@zuso.ai", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "ART@zuso.ai", "type": "Secondary"}]}

{}

{}