CVE-2024-3781 CRITICAL

CVE-2024-3781: OS Command Injection vulnerability in WBSAirback

Vendor Wbsairback

Product White Bear Solutions

Weakness CWE-78

Published April 15, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

9.1/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Command injection vulnerability in the operating system. Improper neutralisation of special elements in Active Directory integration allows the intended command to be modified when sent to a downstream component in WBSAirback 21.02.04.

Key dates

02Disclosure timeline

April 15, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-3781 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

CVE-2024-3781: OS Command Injection vulnerability in WBSAirback

01Description

02Disclosure timeline

03References

04Related CVE