5 matches found
CVE-2025-3572
CVE-2025-3572 concerns a Server-Side Request Forgery in INTUMIT’s SmartRobot. The issue allows unauthenticated remote attackers to probe internal networks and access arbitrary local files on the server via SSRF in the affected SmartRobot component. Public listings consistently describe the vulner...
CVE-2024-12652
CVE-2024-12652 affects Intumit SmartRobot’s Conversational AI Platform. A vulnerability in the groovy script function prior to v7.2.0 enables remote authenticated users to execute arbitrary system commands via Groovy code (Code Injection). This can impact availability, confidentiality, and integr...
CVE-2024-0552
CVE-2024-0552 relates to a remote code execution vulnerability in Intumit inc. SmartRobot’s web framework. The most concrete details across the provided documents indicate that the issue lies in the framework’s handling in a way that allows an unauthenticated attacker to execute arbitrary command...
CVE-2024-2413
CVE-2024-2413 affects Intumit SmartRobot, which uses a fixed cryptographic key for authentication. This allows remote attackers to craft an authentication code by encrypting a string of the user’s name and a timestamp, enabling administrator privileges and potential arbitrary code execution on th...
CVE-2024-8776
CVE-2024-8776 affects Intumit SmartRobot. Root cause: insufficient validation of a page parameter enables unauthenticated remote attackers to perform reflected Cross-Site Scripting by injecting JavaScript into the parameter. Impact per sources: potential JavaScript execution in responses; CVSS 3....