Description
Anomali Match before 4.6.2 allows OS Command Injection. An authenticated admin user can inject and execute operating system commands. This arises from improper handling of untrusted input, enabling an attacker to elevate privileges, execute system commands, and potentially compromise the underlying operating system. The fixed versions are 4.4.5, 4.5.4, and 4.6.2. The earliest affected version is 4.3.
References (2)
Core 2
Core References
Mitigation, Vendor Advisory
https://www.anomali.com/security-advisory/anml-2023-01
Scores
CVSS v3
7.2
EPSS
0.0127
EPSS Percentile
66.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (1)
anomali/match
4.3 - 4.4.5
Published
Jan 19, 2024
Tracked Since
Feb 18, 2026