CVE-2024-52958 CRITICAL

CVE-2024-52958: iota C.ai Conversational Platform - Improper Verification of Cryptographic Signature

Vendor Galaxy Software Services Corporation
Product iota C.ai Conversational Platform
Weakness CWE-347
Published November 27, 2024
Last update November 27, 2024

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H

What the vulnerability does

01 Description

An improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via the plugin upload function.

Key dates

02 Disclosure timeline

November 27, 2024 CVE published
November 27, 2024 Record updated