7 matches found
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to systeminformation-5.22.11.tgz CVE-2024-56334
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to systeminformation-5.22.11.tgz CVE-2024-56334. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-56334 DESCRIPTION: systeminformation is a System and OS informati...
CVE-2024-56334
A flaw was found in the systeminformation library for Node.js. In Windows systems, the SSID parameter of the getWindowsIEEE8021x function is not sanitized before it is passed to cmd.exe. This may allow a remote attacker to execute arbitrary commands on the target system. Mitigation Mitigation for...
CVE-2024-56334
systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. This...
CVE-2024-56334 Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation
systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. This...
CVE-2024-56334 Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation
systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. This...
CVE-2024-56334
The CVE-2024-56334 issue affects the Node.js library systeminformation. Affected versions permit SSIDs to be passed unsafely to cmd.exe in getWindowsIEEE8021x, enabling potential remote code execution or local privilege escalation. The root cause is lack of sanitization of SSIDs before command ex...
CVE-2024-56334
creationtimestamp| type| source ---|---|--- 2024-12-20 17:26:22+00:00| published-proof-of-concept| https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-cvv5-9h9w-qp2m 2024-12-20 20:20:19+00:00| seen| https://infosec.exchange/users/cve/statuses/113687004395004128 2024-12-20...